News Google Reveals 'Half-Double' Technique for Exploiting Rowhammer in DDR4

[Admin]

Google revealed a new hammering technique, Half-Double, that can exploit the Rowhammer bug in DRAM memory.

Google Reveals 'Half-Double' Technique for Exploiting Rowhammer in DDR4 : Read more

 

[rluker5]

Hopefully Raptor Lake will come with an edram like cache that defeats this like the 5775c had. Highly used data got moved to cache, effectively sandboxing it.
That and it would be great to have more of that processing power quickly fed by something faster than dram.

 

[InvalidError]

Since normal software has no control over where in the randomized physical memory its memory allocations will land and no way of knowing where the target data is, it should be virtually impossible for attackers to target specific data. I'd be more worried about random memory corruption from this style of attack.

 

[InvalidError]

Also, server memory usually has ECC so if rowhammer-style attacks manage to flip a bit, ECC should flip it right back the next time an address gets read, making it that much more difficult to extract any data.

 

[pjmelect]

I have always thought that this type of attack was impossible, as memory test should find out any tendency for adjacent memory cells to flip and manufacturers of the memory go to great lengths to ensure that this does not happen, further just because memory cells are numerically next door to each other does not mean that they are physically close to one another on the memory chip, in fact numerically adjacent memory cells can be anywhere on the die and the layout is different for different manufacturers.

I have discovered that to get the bits to flip they have to alter the memory timings so that the memory is at the edge of not working, again this is dependent on the type and manufacture of the memory.

If you have access to a computer that allows you to change its memory timings and allows you to write to adjacent memory bits and to also know the layout of the memory chips of the particular manufacture that is in the computer, and not to crash the computer doing this, then this attack might work, but if you have this level of access to the computer then why not just simply write to the memory locations you want to change.