#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter
CrowdSec

Rowhammer | Breaking Cybersecurity News | The Hacker News

Google Researchers Discover A New Variant of Rowhammer Attack

Google Researchers Discover A New Variant of Rowhammer Attack

May 26, 2021
A team of security researchers from Google has demonstrated yet another variant of the Rowhammer vulnerability that targets increasingly smaller DRAM chips to bypass all current mitigations, making it a persistent threat to chip security. Dubbed "Half-Double," the new hammering technique hinges on the weak coupling between two memory rows that are not immediately adjacent to each other but one row removed in an attempt to tamper with data stored in memory and attack a system . "Unlike  TRRespass , which exploits the blind spots of manufacturer-dependent defenses, Half-Double is an intrinsic property of the underlying silicon substrate," the researchers  noted . "This is likely an indication that the electrical coupling responsible for Rowhammer is a property of distance, effectively becoming stronger and longer-ranged as cell geometries shrink down. Distances greater than two are conceivable." Rowhammer attacks are similar to  speculative execution  
New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks

New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks

Apr 14, 2021
Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack. Dubbed  SMASH  (Synchronized MAny-Sided Hammering), the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM cards, notwithstanding extensive mitigations that have been put in place by manufacturers over the last seven years. "Despite their in-DRAM Target Row Refresh (TRR) mitigations, some of the most recent DDR4 modules are still vulnerable to many-sided Rowhammer bit flips," the researchers said.  "SMASH exploits high-level knowledge of cache replacement policies to generate optimal access patterns for eviction-based many-sided Rowhammer. To bypass the in-DRAM TRR mitigations, SMASH carefully schedules cache hits and misses to successfully trigger synchronized many-sided Rowhammer bit flips." By synchronizing memory requests with DRAM refresh commands, the researchers
cyber security

external linkSay Goodbye to SaaS Blind Spots: Wing Security Unveils Free Discovery Tool

websitewww.wing.securitySaaS Security / Attack Surface
Wing Security finds and ranks all SaaS applications completely for free, removing unnecessary risk.
Cybersecurity Resources