Google discovers a DDR4 weakness that might expose your PC to a system takeover

The weakness is a new variation of a previously known vulnerability called Rowhammer. By issuing repeated access requests to one row of memory, the original technique could corrupt the data held in your RAM's memory cells, letting attackers who can access one row change the contents of nearby memory locations.

It has been around for a while and stems from an “electrical coupling phenomenon in silicon chips that overcomes software- and hardware-based security,” according to Neowin.

Previously, DRAM makers could safeguard against Rowhammer attacks by installing circuitry that detected and blocked the nefarious behavior in DDR3 chips.

They assumed it was all over. However, with the introduction of DDR4, it has been shown that the curse of Rowhammer is still a menace, operating via TRRespass and other techniques.

Cue the harbingers at Google, who say that a new, even more deadly ‘Half-Double’ Rowhammer methodology is in the works. It has been found to reach at least one row beyond its predecessor, but it is less successful at getting further into the cache.

However, there is a chance that it will access deeper rows, revealing even more data.

“Unlike TRRespass, which leverages the flaws of manufacturer-dependent protections, Half-Double is an inherent characteristic of the underlying silicon substrate,” Google explains.

“This is most likely evidence that the electrical connection responsible for Rowhammer is a distance attribute, becoming stronger and longer-ranged as cell geometries reduce. Distances of more than two kilometers are feasible.”

All of this is being made public in order to inspire a coordinated effort to fix the problem as soon as feasible. Google is also collaborating with industry partners such as the semiconductor standards organization JEDEC to get things started.

