March 17, 2015 By Jaikumar Vijayan

Security researchers at Google’s Project Zero vulnerability research group have found a way to reliably exploit a potentially serious hardware bug that exists in many modern dynamic random-access memory (DRAM) devices.

Tests conducted on DRAM devices in 29 x86 laptop computers from multiple vendors suggest the problem is widespread and that vendors have known about it for a while, the researchers noted in a blog post this week. However, it may be that the vendors have so far treated the hardware bug as just a reliability problem and not as a security issue that can be exploited to corrupt a system.

The problem, dubbed “rowhammer” by the Google researchers, stems from the ever-shrinking nature of DRAM technologies. As DRAM cells have gotten smaller and closer together, it has become harder for manufacturers to prevent cells from interacting with each other electrically and from disturbing neighboring cells, the researchers said.

Experimental Study

In an experimental study on DRAM disturbance errors last year, researchers at Carnegie Mellon University and Intel showed how it is possible to corrupt data in DRAM chips by repeatedly activating and deactivating data in a single row. By simply reading from the same memory address on a DRAM chip repeatedly, it is possible to corrupt data in neighboring rows. It is this process that Google’s researchers describe as “row hammering” in their report.

The researchers investigated a total of 129 DRAM modules from different vendors and discovered disturbance errors in 110 of them. Interestingly, all DRAM chips manufactured between 2012 and 2013 were susceptible to the issue, suggesting the problem is especially prevalent in modern chipsets.

Modern manufacturing processes have allowed chipmakers to reduce memory costs by cramming more DRAM cells into the same amount of real estate. However, in the process, they have also introduced memory reliability issues.

Working Exploits

What Google’s Project Zero researchers have done is show how to exploit the hardware bug. They built two working exploits that let attackers corrupt a DRAM device and escalate their privileges on a compromised system. One of the exploits runs as a Native Client (NaCl) program that attackers can use to escalate privileges and escape the NaCl sandboxing system, the Google researchers said.

The second is a kernel privilege escalation exploit that basically uses row hammering to induce DRAM errors that would let an attacker gain read-write access to all physical memory. According to the researchers, this exploit is harder to mitigate than the one that involves the NaCl sandbox escape.

To increase both the speed and the likelihood of corrupting memory cells in DRAM, the researchers showed how an approach they described as “double-sided hammering” can be used to cause memory bits to flip more quickly.

Addressing the Hardware Bug Issue

Chipmakers that are aware of the issue have tried to address it by improving the isolation between cells and by looking for disturbance errors during the post-production testing phase. There are indications that some DRAM manufacturers have begun to implement BIOS updates and other mitigations for the issue, the Google researchers said. At least one DRAM vendor has indicated publicly that it implements rowhammer mitigations within its devices, and some newer laptop models appear to be immune to the problem.

However, without more information from vendors, it is hard to say for sure how many laptop computers are currently vulnerable to the hardware bug. In treating the rowhammer problem as a reliability issue, vendors appear to have overlooked the security implications. It is time for hardware vendors to analyze the issue on their devices and provide explanations of impact and mitigation strategies.
