March 17, 2015 By Jaikumar Vijayan

Security researchers at Google’s Project Zero vulnerability research group have found a way to reliably exploit a potentially serious hardware bug that exists in many modern dynamic random-access memory (DRAM) devices.

Tests conducted on DRAM devices in 29 x86 laptop computers from multiple vendors suggest the problem is widespread and that vendors have known about it for a while, the researchers noted in a blog post this week. However, it may be that the vendors have so far treated the hardware bug as just a reliability problem and not as a security issue that can be exploited to corrupt a system.

The problem, dubbed “rowhammer” by the Google researchers, stems from the ever-shrinking nature of DRAM technologies. As DRAM cells have gotten smaller and closer together, it has become harder for manufacturers to prevent cells from interacting with each other electrically and from disturbing neighboring cells, the researchers said.

Experimental Study

In an experimental study on DRAM disturbance errors last year, researchers at Carnegie Mellon University and Intel showed how it is possible to corrupt data in DRAM chips by repeatedly activating and deactivating data in a single row. By simply reading from the same memory address on a DRAM chip repeatedly, it is possible to corrupt data in neighboring rows. It is this process that Google’s researchers describe as “row hammering” in their report.

The researchers investigated a total of 129 DRAM modules from different vendors and discovered disturbance errors in 110 of them. Interestingly, all DRAM chips manufactured between 2012 and 2013 were susceptible to the issue, suggesting the problem is especially prevalent in modern chipsets.

Modern manufacturing processes have allowed chipmakers to reduce memory costs by cramming more DRAM cells into the same amount of real estate. However, in the process, they have also introduced memory reliability issues.

Working Exploits

What Google’s Project Zero researchers have done is show how to exploit the hardware bug. They built two working exploits that let attackers corrupt a DRAM device and escalate their privileges on a compromised system. One of the exploits runs as a Native Client (NaCl) program that attackers can use to escalate privileges and escape the NaCl sandboxing system, the Google researchers said.

The second is a kernel privilege escalation exploit that basically uses row hammering to induce DRAM errors that would let an attacker gain read-write access to all physical memory. According to the researchers, this exploit is harder to mitigate than the one that involves the NaCl sandbox escape.

In order to increase the speed and their chances of corrupting memory cells in DRAM, the researchers showed how an approach they described as “double-sided hammering” can be used to cause memory bits to flip more quickly.

Addressing the Hardware Bug Issue

Chipmakers that are aware of the issue have tried to address it by improving the isolation between cells and by looking for disturbance errors during the post-production testing phase. There are indications that some DRAM manufacturers have begun to implement BIOS updates and other mitigations for the issue, the Google researchers said. At least one DRAM vendor has indicated publicly that it implements rowhammer mitigations within its devices, and some newer laptop models appear to be immune to the problem.

However, without more information from vendors, it is hard to say for sure how many laptop computers are currently vulnerable to the hardware bug. In treating the rowhammer problem as a reliability issue, vendors appear to have overlooked the security implications. It is time for hardware vendors to analyze the issue on their devices and provide explanations of impact and mitigation strategies.
