New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks

New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks

Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack.


Dubbed SMASH (Synchronized MAny-Sided Hammering), the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM cards, notwithstanding extensive mitigations that have been put in place by manufacturers over the last seven years.


"Despite their in-DRAM Target Row Refresh (TRR) mitigations, some of the most recent DDR4 modules are still vulnerable to many-sided Rowhammer bit flips," the researchers said.


"SMASH exploits high-level knowledge of cache replacement policies to generate optimal access patterns for eviction-based many-sided Rowhammer. To bypass the in-DRAM TRR mitigations, SMASH carefully schedules cache hits and misses to successfully trigger synchronized many-sided Rowhammer bit flips."





By synchronizing memory requests with DRAM refresh commands, the researchers developed an end-to-end JavaScript exploit which can fully compromise the Firefox browser in 15 minutes on average, proving that web users continue to remain at risk from such attacks.


What is Rowhammer?


First, a quick primer about Rowhammer, an umbrella term referring to a class of exploits that leverage a hardware design quirk in DDR4 systems. Memory RAM cards save data inside what's called memory cells (each consisting of a capacitor and a transistor) that are arranged on the RAM's silicon chip in the ..

Support the originator by clicking the read the rest link below.