SoylentNews is people
SoylentNews
Submitted via IRC for SoyCow1984
Potentially disastrous Rowhammer bitflips can bypass ECC protections
In early 2015, researchers unveiled Rowhammer, a cutting-edge hack that exploits unfixable physical weaknesses in the silicon of certain types of memory chips to transform data they stored. In the 42 months that have passed since then, an enhancement known as error-correcting code (or ECC) available in higher-end chips was believed to be an absolute defense against potentially disastrous bitflips that changed 0s to 1s and vice versa.
Research published Wednesday has now shattered that assumption.
Dubbed ECCploit, the new Rowhammer attack bypasses ECC protections built into several widely used models of DDR3 chips. The exploit is the product of more than a year of painstaking research that used syringe needles to inject faults into chips and supercooled chips to observe how they responded when bits flipped. The resulting insights, along with some advanced math, allowed researchers in Vrije Universiteit Amsterdam's VUSec group to demonstrate that one of the key defenses against Rowhammer isn't sufficient.
Importantly, the researchers haven't demonstrated that ECCploit works against ECC in DDR4 chips, a newer type of memory chip favored by higher-end cloud services. They also haven't shown that ECCploit can penetrate hypervisors or secondary Rowhammer defenses. Nonetheless, the bypass of ECC is a major milestone that suggests that the threat of Rowhammer continues to evolve and can't easily be discounted.
(Score: 0) by Anonymous Coward on Saturday November 24 2018, @03:14AM
I talked to a guy a few months back who was an electrical engineer (but not on memory). He stated these were well known flaws existing since DDR came to be, but being exacerbated with every new edge utilized in DDR2/3/4 standards. The ONLY way you can eliminate the conditions that allow rowhammer to happen at data rates higher than non-DDR SDRAM allows is to run buffered memory. So unless and until buffered memory is supported on consumer grade hardware, the risks of rowhammer style attacks will continue, because the memory bus timings cannot deal with all rowhammer triggers without losing all performance improvements, or utilizing buffering.