March 17, 2015 By Jaikumar Vijayan 2 min read

Security researchers at Google’s Project Zero vulnerability research group have found a way to reliably exploit a potentially serious hardware bug that exists in many modern dynamic random-access memory (DRAM) devices.

Tests conducted on DRAM devices in 29×86 laptop computers from multiple vendors suggest the problem is widespread and that vendors have known about it for a while, the researchers noted in a blog post this week. However, it may be that the vendors have so far treated the hardware bug as just a reliability problem and not as a security issue that can be exploited to corrupt a system.

The problem, dubbed “rowhammer” by the Google researchers, stems from the ever-shrinking nature of DRAM technologies. As DRAM cells have gotten smaller and closer together, it has become harder for manufacturers to prevent cells from interacting with each other electrically and from disturbing neighboring cells, the researchers said.

Experimental Study

In an experimental study on DRAM disturbance errors last year, researchers at Carnegie Mellon University and Intel showed how it is possible to corrupt data in DRAM chips by repeatedly activating and deactivating data in a single row. By simply reading from the same memory address on a DRAM chip repeatedly, it is possible to corrupt data in neighboring rows. It is this process that Google’s researchers describe as “row hammering” in their report.

The researchers investigated a total of 129 DRAM modules from different vendors and discovered disturbance errors in 110 of them. Interestingly, all DRAM chips manufactured between 2012 and 2013 were susceptible to the issue, suggesting the problem is especially prevalent in modern chipsets.

Modern manufacturing processes have allowed chipmakers to reduce memory costs by cramming more DRAM cells into the same amount of real estate. However, in the process, they have also introduced memory reliability issues.

Working Exploits

What Google’s Project Zero researchers have done is show how to exploit the hardware bug. They built two working exploits that let attackers corrupt a DRAM device and escalate their privileges on a compromised system. One of the exploits runs as a Native Client (NaCl) program that attackers can use to escalate privileges and escape the NaCl sandboxing system, the Google researchers said.

The second is a kernel privilege escalation exploit that basically uses row hammering to induce DRAM errors that would let an attacker gain read-write access to all physical memory. According to the researchers, this exploit is harder to mitigate than the one that involves the NaCl sandbox escape.

In order to increase the speed and their chances of corrupting memory cells in DRAM, the researchers showed how an approach they described as “double-sided hammering” can be used to cause memory bits to flip more quickly.

Addressing the Hardware Bug Issue

Chipmakers that are aware of the issue have tried to address it by improving the isolation between cells and by looking for disturbance errors during the post-production testing phase. There are indications that some DRAM manufacturers have begun to implement BIOS updates and other mitigations for the issue, the Google researchers said. At least one DRAM vendor has indicated publicly that it implements rowhammer mitigations within its devices, and some newer laptop models appear to be immune to the problem.

However, without more information from vendors, it is hard to say for sure how many laptop computers are currently vulnerable to the hardware bug. In treating the rowhammer problem as a reliability issue, vendors appear to have overlooked the security implications. It is time for hardware vendors to analyze the issue on their device and provide explanations of impact and mitigation strategies.

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today