The Rowhammer vulnerability has resurfaced as a significant concern for modern dynamic random access memory (DRAM) chips, enabling attackers to escalate privileges within targeted systems by exploiting memory access patterns that result in unintended bit flips. This critical issue arises from continuous access to specific memory rows, raising the potential for unauthorized control over a system’s kernel.
In response to the ongoing threat of Rowhammer attacks, memory chip manufacturers have introduced a series of defenses collectively labeled Target Row Refresh (TRR). The technique tracks how often individual rows are activated and, once a row crosses a certain threshold, refreshes the adjacent (victim) rows before their cells can lose charge, with the aim of preventing bit flips. However, recent research suggests that TRR’s effectiveness may be overstated, as it has been found insufficient to thwart sophisticated attacks that exploit newly identified hammering patterns.
Labelled as CVE-2020-10255 and uncovered by researchers at VUSec Lab, a new vulnerability has prompted the release of TRRespass, an open-source fuzzing tool capable of identifying complex hammering strategies. It allows for more focused and effective attacks on DRAM, even without knowledge of the underlying memory architecture. The tool randomly selects various memory rows for potential hammering, enabling attackers to bypass existing mitigations.
Notably, the latest findings indicate that this new exploit also extends to LPDDR4 and LPDDR4X chips, commonly found in devices such as smartphones, further amplifying the risk landscape for millions of consumers. The potential for exposure affects both ordinary users and business environments reliant on these technologies.
In a statement, researchers from VUSec revealed their successful testing of TRRespass on notable smartphone models, including the Google Pixel 3 and Samsung Galaxy S10, demonstrating the practical implications of the vulnerability. Although TRR attempts to manage access patterns by monitoring activations of neighboring rows, its limited capacity to store and analyze all accessed rows at once creates vulnerability windows that can be exploited.
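To make the capacity limit described above concrete, here is an added toy simulation (not VUSec's code and not TRRespass) of a counter-based TRR tracker that can follow only a fixed number of rows at once. The thresholds, refresh window, row numbers and lowest-count eviction policy are all constructed assumptions; the point is only that a pattern touching more rows than the tracker can hold never trips the refresh.

```python
from collections import defaultdict

# Toy parameters (constructed for illustration, not real DRAM figures).
FLIP_THRESHOLD = 1000   # neighbour activations within one refresh window before a cell flips
TRR_THRESHOLD = 200     # activations of a tracked row before TRR refreshes its neighbours
REFRESH_WINDOW = 8000   # activations simulated before the periodic refresh restores every row


class TrrTracker:
    """Counter-based TRR model: tracks at most `capacity` rows. When the table is full,
    an activation of an untracked row evicts the entry with the lowest count (assumption)."""

    def __init__(self, capacity: int):
        self.capacity = capacity
        self.counts: dict[int, int] = {}

    def activate(self, row: int) -> bool:
        """Record one activation; return True when TRR should refresh the row's neighbours."""
        if row in self.counts:
            self.counts[row] += 1
        elif len(self.counts) < self.capacity:
            self.counts[row] = 1
        else:
            evicted = min(self.counts, key=self.counts.get)
            del self.counts[evicted]
            self.counts[row] = 1
        if self.counts[row] >= TRR_THRESHOLD:
            self.counts[row] = 0
            return True
        return False


def simulate(aggressors: list[int], capacity: int) -> set[int]:
    """Round-robin activation of `aggressors` for one refresh window; returns rows that flipped."""
    tracker = TrrTracker(capacity)
    disturbance: dict[int, int] = defaultdict(int)  # accumulated disturbance per row
    flipped: set[int] = set()
    for i in range(REFRESH_WINDOW):
        row = aggressors[i % len(aggressors)]
        for neighbour in (row - 1, row + 1):
            disturbance[neighbour] += 1
            if disturbance[neighbour] >= FLIP_THRESHOLD:
                flipped.add(neighbour)
        if tracker.activate(row):
            disturbance[row - 1] = disturbance[row + 1] = 0  # TRR refresh restores the cells
    return flipped


if __name__ == "__main__":
    print("double-sided, capacity 2:", simulate([10, 12], 2))            # set()
    print("many-sided,   capacity 2:", simulate([10, 12, 20, 22, 30, 32], 2))
    print("many-sided,   capacity 6:", simulate([10, 12, 20, 22, 30, 32], 6))  # set()
```

With two tracked rows the classic double-sided pattern is refreshed in time, while a six-row pattern keeps every counter at one and flips all nine neighbours; a tracker sized for the pattern (capacity 6) defends it again.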
According to the VUSec team’s extensive testing involving 42 DIMMs from the leading memory vendors, bit flips were successfully induced in 12 of them. This finding underscores the pervasive weakness within existing defense measures against Rowhammer attacks, which have proven adept at evading conventional security protocols.
In conclusion, VUSec has alerted the affected parties about the vulnerability. However, it remains uncertain when or whether comprehensive patches will be implemented to address these issues. The research team is also in the process of developing an Android application that would allow users to assess whether their devices are susceptible to new patterns of hammering, highlighting the urgent need for greater awareness and proactive measures in cybersecurity.
As organizations strive to safeguard their data integrity, this incident illustrates critical tactics from the MITRE ATT&CK framework, including privilege escalation and exploitation of system vulnerabilities. The implications for businesses are considerable, emphasizing the necessity for ongoing vigilance and investment in advanced cybersecurity mechanisms to mitigate potential threats.