In 2015, researchers discovered a threat to security, known as Rowhammer, which allowed to adjust, change or steal sensitive data with multiple access to certain areas of DDR memory chips. Memory chips manufacturers actively worked on the development of protection from this attack.
A scheme illustrating the hierarchical organization of the DRAM chip.
However, a new method of creating the same Rowhammer-induced “bitflies” was recently developed even on the new generation of DDR4 chips, which already had built-in means of protection against Rowhammer. This is the new method, named RowPress, does not work through a multiple “impact” on carefully selected areas, but by their long opening.
The diagram showing the standard of the usual Rowhammer in three representative cases of RowPress among 164 DDR4 chips from all three main manufacturers.
Rowpress enhances the vulnerability of the DDR4 chips to attacks by reading, which is aggravated by combining Rowhammer access. Interestingly, an increase in the temperature of the chip also enhances this effect.
Onur Mutlu, Professor Eth Zürich and the co -author of the recently published article, said: “We are demonstrating the concept of RowPress, which can cause bitflip in a real system, already protected from Rowhammer. We note that this is not an attack in itself. It simply shows it, it shows, it shows. that bitflips are possible, and there are many of them, which can easily become the basis for the attack. “
The basis of DRAM (dynamic memory with arbitrary access) is a storage cell. Each cell consists of a capacitor and a transistor and stores one data bit. Bitflips have long been known as a rare phenomenon. They occur when an unexpected stream of electrons inside the gate of the transistor changes the voltage.
It is worth noting that studies in the field of memory safety are ongoing, and new attack methods require the development of new protection methods.