June 9, 2023

Rowhammer attacks, which were first discovered in 2014, continue to draw the attention of researchers and academics despite the mitigation measures put in place by chip manufacturers and industries.

Intro

  • Dubbed SMASH (Synchronized MAny-Sided Hammering), the attack is triggered by a new JavaScript exploit on modern DDR4 RAM chips.
  • This can enable attackers to arbitrarily read and write primitive in the browser.
  • The interesting aspect of the new variant is it does not rely on software vulnerabilities or bugs. Instead, it takes advantage of the mitigations implemented for the previous Rowhammer bug to initiate the exploit chain.

A Brief

  • RowHammer is an umbrella term for a class of exploits that leverage a fault in hardware design with DDR4 systems.
  • Exploit was induced with rapid read/write operations on a memory row over and over again, ultimately causing the loss of data.
  • Multiple methods have been devised to exploit DRAM integrated circuits. These are ECCploit, Rowhammer.js, Throwhammer, JackHammer, and RAMBleed.
  • In response to the findings, industry-wide countermeasures like Target Row Refresh (TRR) were touted to be the ultimate solution. In March 2020, researchers demonstrated a fuzzing tool called ‘TRRespass’ could be used to make Rowhammer attacks work on DDR4 cards.

From TRRespass to SMASH

  • While TRRespass was achieved by using native code, no methods were available to trigger them in the browser from JavaScript. This led to the discovery of SMASH, granting attackers to read and write in the browser.
  • The exploit chain is initiated when a victim visits a malicious website under the adversary’s control of adversaries or a legitimate website that contains a malicious ad.

Comclusion

  • The revelation of new research confirms that the Rowhammer bug continues to be a threat for web users.
  • However, there’s something good in every bad situation, and in this case, researchers claim that exploiting the Rowhammer bug is not an easy task.
  • Additionally, disabling Transparent Huge Pages (THP) would stop the current instance of SMASH.
Tags:

1 thought on “RowHammer Exploits

  1. Pingback: BlackSmith Follows Row Hammer Attack – TheCyberThrone

Leave a Reply

You may have missed

ACT Government Victim of Barracuda ESG Vulnerability

ACT Government Victim of Barracuda ESG Vulnerability

June 9, 2023
Anonymous Sudan Claims Responsible for Outlook Outages

Anonymous Sudan Claims Responsible for Outlook Outages

June 9, 2023
Visual Studio Bug Results in Takeover

Visual Studio Bug Results in Takeover

June 8, 2023
Cisco Fixes Secure Client Security Flaw

Cisco Fixes Secure Client Security Flaw

June 8, 2023
CISA Releases Guidelines on RMM

CISA Releases Guidelines on RMM

June 8, 2023
CrowdStrike Platform Enhancements

CrowdStrike Platform Enhancements

June 8, 2023
%d bloggers like this: