Google researchers discovered a new variant of Rowhammer attacks, dubbed “Half-Double,” that allows bypassing all current defenses.

Rowhammer is classified as a problem affecting some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows, this means that theoretically, an attacker can change any value of the bit in the memory.

A DDR memory is arranged in an array of rows and columns. Blocks of memory are assigned to various services and applications. To avoid that an application accesses the memory space reserved by another application, it implements a “sandbox” protection mechanism.

Bit flipping technique caused by the Rowhammer problems could be exploited to evade the sandbox.

Vendors devised a set of mitigations known as Target Row Refresh (TRR) that prevent the row hammer effect without negatively impacting performance or power consumption. This can’t prevent the attack since it’s preventing only interference of adjacent memory cells

Rowhammer half double attack

In the new Half-Double attack, researchers demonstrated that it is possible to perform a RowHammer attack that triggers bit flips at a distance of two rows from the hammered row instead of the canonical one used in previous variants of the attack.

The current generation of RAM cards is becoming, even more, smaller, which means that the distance between memory rows was also decreasing making it easier to trigger bit flipping from a larger distance.

 Google said that it is currently working with several semiconductor industry players to search “possible solutions for the Rowhammer phenomenon,” and encouraged fellow experts to join their efforts, as “the challenge is substantial and the ramifications are industry-wide.”