Row Hammer DRAM Bug Now Exploitable via JavaScript, Most DDR3 Memory Chips Vulnerable

In March, security researchers published a report detailing a problem with some memory chips that can be exploited to give attackers access to any computer using the latest DDR3 DRAM chips.

The exploit was named Row Hammer (also spelled Rowhammer) and works by constantly hammering a row of memory cells until it creates electromagnetic interference in the adjacent rows, causing them to lose data and altering normal operation.

While the original research showed that this type of attack was only possible from the local machine, which implied that the computer needed to be infected first, new research by Daniel Gruss, Clémentine Maurice, and Stefan Mangard from universities in France and Austria shows how Row Hammer can be actively exploited via JavaScript (as Slate reports).

This means an attacker can simply put his exploit code in a JavaScript file and wait for random users to access a Web page and download the file.

Row Hammer can be launched from any website

The three researchers used Rowhammer.js to test out their theory and observed that the “attack runs in [a] sandboxed JavaScript which is present and enabled by default in every modern browser.”

“Although implemented in JavaScript, the attack technique is independent of the specific CPU microarchitecture, programming language and runtime environment, as long as the stream of memory accesses is executed fast enough,” the security researchers conclude.

As with the original Row Hammer bug, the JavaScript version of this exploit is unpatchable at a software level, and a general BIOS update would be needed to fix it.

Researchers did say that slowing down the speed at which JavaScript is executed in the browser could diminish the memory cell row hammering effect, but this recommendation will never be heeded by any browser manufacturer, all being obsessed with their JS runtime benchmarks and trying to outdo their competition.

As the three researchers also point out, “Rowhammer.js is the first remote software-induced hardware-fault attack,” which would make it a real problem if the Row Hammer bug weren’t so hard to implement and control.



About webimprint

Webimprints is the leading company which provides global information security services to clients around the world.