Your DDR4 memory could be facing the return of some serious assaults

News
By published

Researchers say new attack nullifies all current mitigations

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

Researchers have developed a new fuzzing-based technique called Blacksmith that can successfully trigger the Rowhammer vulnerability against all modern DDR4 RAM modules, bypassing existing mitigations.

The Rowhammer hack works by manipulating the electrical charge in modern memory chips. The repeated hammering to one row of transistors results in the flipping of values in the adjacent rows.

Earlier this year Google engineers had revealed that Rowhammer attacks were now more plausible thanks to recent improvements in the design of modern DRAM memory chips.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

To stop Rowhammer, DRAM implements a mitigation technique known as Target Row Refresh (TRR). However, cybersecurity researchers at COMSEC, the computer security group in ETH Zürich, have now demonstrated that the Blacksmith Rowhammer fuzzer can bypass TRR on 100% of the PC-DDR4 DRAM devices. 

No RAM is safe

Prior to Blacksmith, the researchers had developed a technique called TRRespass that could trigger bit flips on 31% of today’s PC-DDR4 devices. They then built on top of that work to develop a new approach “for crafting non-uniform and frequency-based Rowhammer access patterns.” 

Feeding the patterns in the Blacksmith fuzzer, the researchers could trigger bit flips in all of the 40 tested DDR4 RAM modules over a contiguous memory area of 256 MB.

“Concluding, our work confirms that the DRAM vendors’ claims about Rowhammer protections are false and lure you into a false sense of security. All currently deployed mitigations are insufficient to fully protect against Rowhammer. Our novel patterns show that attackers can more easily exploit systems than previously assumed,” share the researchers.

The researchers add that while using ECC-capable DRAM will make exploitation harder, it is still not an effective defense strategy.

However, reporting on the development, BleepingComputer asserts that Rowhammer may not be as much of a problem in newer DDR5 DRAM modules, which have replaced TRR with a new system dubbed refresh management.

Irrespective of the threat, use these best endpoint protection tools to shield your computers from cyber-attacks 

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
AMD logo
Security flaw means AMD Zen CPUs can be "jailbroken"
A person at a laptop with a cybersecure lock symbol floating above it.
Parallels Desktop has some worrying security flaws for Mac users
AMD logo
AMD patches high severity security flaw affecting Zen chips
Representational image of a cybercriminal
Microsoft discovers five potentially damaging attacks against its own software
An abstract image of a lock against a digital background, denoting cybersecurity.
Apple CPU security issue could let hackers steal user data from browsers
China
Chinese hackers develop effective new hacking technique to go after business networks
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 23 (game #651)
Google Pixel 9 Pro Fold main display opened
Apple is rumored to be prioritizing battery life on the foldable iPhone – which could also feature a liquid metal hinge for added durability
Google Pixel 9
The Google Pixel 10 just showed up in Android code – and may come with a useful speed boost
L-mount alliance
Sirui joins L-Mount Alliance to deliver its superb budget lenses for Leica, DJI, Sigma and Panasonic cameras
More about security
Hacker silhouette working on a laptop with North Korean flag on the background

North Korea unveils new military unit targeting AI attacks

Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)

This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Vinpower iXFlash and iXFlash Cube

This tiny 2TB USB Flash drive can both charge and backup your iPhone at the same time
See more latest
Most Popular
Vinpower iXFlash and iXFlash Cube
This tiny 2TB USB Flash drive can both charge and backup your iPhone at the same time
Compal Adapt X modular laptop
One of the largest laptop manufacturers releases concept pictures of Adapt X, a modular laptop in the same vein as Framework
Anycubic foldable portable 3D printer
Anycubic may launch this gorgeous foldable portable 3D printer any day soon, and I can't wait to try it out
HP Fury G1i 18&quot;
'2-inches gets you 30% more screen': HP is pitching 18-inch laptop as the best new thing in tech
Framework Desktop
Framework's Desktop is selling like hot cakes; Ryzen Max+ 395, Max 383 batches are sold out with next shipment in Q3
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 23 (game #651)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)
Google Pixel 9 Pro Fold main display opened
Apple is rumored to be prioritizing battery life on the foldable iPhone – which could also feature a liquid metal hinge for added durability
A person using a smartphone with an ecommerce website showing on a laptop.
Consumers are warming up to AI assistants, survey finds - 1/3 of us would allow AI to make purchases