Dubbed SMASH (Synchronized Many-Sided Hammering) by the researchers, the technique can be used to hack modern DDR4 RAM memory modules. Researchers demonstrated that many of these memory cards are still vulnerable despite the many mediating measures taken by the manufacturers.
“Despite their in-DRAM Target Row Refresh (TRR) mitigations, some of the most recent DDR4 modules are still vulnerable to many-sided Rowhammer bit flips,” the researchers said.
This type of attack is called Rowhammer. During the attack, a malicious code repeatedly accesses the same “row” of transistors on a memory chip in a fraction of a second (called Hammering) until an electrical charge leaks from the target row to an adjacent one causing data loss.
“SMASH exploits high-level knowledge of cache replacement policies to generate optimal access patterns for eviction-based many-sided Rowhammer. To bypass the in-DRAM TRR mitigations, SMASH carefully schedules cache hits and misses to successfully trigger synchronized many-sided Rowhammer bit flips.”
The research shows that the Rowhammer type of attacks continues to be an active threat for Web users.