RowHammer – Exploit for PCs and Smartphones


Uh… No. We are not talking about rows of hammers. Or smashing your computer with a hammer. Over the past two years a new exploit has been discovered that is based on modifying memory through specific patterns of access. Hammering, meaning repeated high-speed access to some rows of memory, can affect the contents of other rows, specifically by flipping some bits in those other rows.

Lots of Modern DRAM has this problem

As it turns out, this problem occurs in lots of modern DRAM, including the DRAM in PCs and, as we now know, some smartphones.

So what does this mean for you? Well, we may see PC exploits for this in the “wild,” as we say, but if you follow “Safe Computing” practices, you will probably be fine. PC manufacturers have a lot more flexibility about how to mitigate this problem. There has been some discussion about changing the DRAM refresh timing in some motherboards’ BIOS: speeding up the refresh rate slows the computer down a little, but fixes this. It occurs to me that if this becomes serious enough, Windows might control where the “page tables” and other sensitive information are stored so that they can’t be flipped. RowHammer is often exploited by flipping bits in “page table” entries so that memory security is defeated. If the page tables weren’t in rows that could be attacked in this way, then that attack is eliminated. We have yet to see Microsoft say anything about mitigation, but then again, we aren’t likely to, since saying anything gives the attackers information to sharpen their attack strategies.
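To see why a faster refresh rate helps, here is a toy model added as an example (it is not from the original post and models no real DRAM part). The names `ToyBank` and `disturbed_rows`, the 16-row bank, the 50 ns activation time, the scaled-down refresh windows and the flip threshold are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class ToyBank:
    rows: int               # rows in this toy bank
    refresh_window_ns: int  # every row is refreshed once per window
    flip_threshold: int     # constructed: neighbour activations that flip a bit

def disturbed_rows(bank, activations, t_rc_ns=50):
    """Replay a trace of row activations and return the rows that would flip.

    Model assumptions (illustrative only): an activation disturbs the two
    adjacent rows by one unit; refreshing or activating a row restores its
    charge and clears its counter; refresh walks the rows round-robin.
    """
    disturb = [0] * bank.rows
    flipped = set()
    step = bank.refresh_window_ns // bank.rows  # time between row refreshes
    next_refresh, refresh_row, now = step, 0, 0
    for row in activations:
        now += t_rc_ns
        while now >= next_refresh:           # catch up on scheduled refreshes
            disturb[refresh_row] = 0
            refresh_row = (refresh_row + 1) % bank.rows
            next_refresh += step
        disturb[row] = 0                     # opening a row rewrites its cells
        for victim in (row - 1, row + 1):
            if 0 <= victim < bank.rows:
                disturb[victim] += 1
                if disturb[victim] >= bank.flip_threshold:
                    flipped.add(victim)
    return sorted(flipped)

# Constructed trace: one row activated 5,000 times in a row.
TRACE = [8] * 5000
default_bank = ToyBank(rows=16, refresh_window_ns=64_000, flip_threshold=1000)
faster_bank = ToyBank(rows=16, refresh_window_ns=32_000, flip_threshold=1000)

if __name__ == "__main__":
    print("default refresh:", disturbed_rows(default_bank, TRACE))
    print("doubled refresh:", disturbed_rows(faster_bank, TRACE))
```

In this model the doubled refresh rate protects the neighbouring rows only because 640 activations fit in one window, which is below the assumed threshold of 1000; with a lower assumed threshold the same rows would still flip.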

Where did this come from?

Well, at the end of the day, the DRAM designers were chasing high densities and low cost and didn’t see this one coming. They test their designs but apparently they don’t test their designs with an eye toward malicious attacks. Apparently the tests are only targeted toward correct operation.

This is one of a number of recent attacks. We have seen attacks that rewrite hard drive firmware, and firmware on thumb drives or other devices that plug into USB ports. All of these recent hardware / device attacks show the lack of security, or holes in the testing of hardware, that are being exploited to slip malware into machines. It is a hard problem to secure firmware updates for SSDs, hard drives, or USB devices so that bad guys can’t rewrite that software with malware included.


So what’s likely to happen?

The DRAM folks will get their act together over the next round of computers. For PCs we will probably see the RowHammer exploit disappear over the next two years. Now that the exploit has been shown in smartphones, we’ll probably see that hole plugged much more quickly. As it turns out, the current version of Android already flags the Android Test program in two ways: a warning not to “side load” applications from a non-trusted source, which has always been there, and a warning that “This Application May Compromise the Security” of your phone, or something similar, which is new. For a complete discussion of this, see the Oct 25, 2016 Security Now episode, where Steve and Leo discuss this thoroughly and give it a try.

Currently these exploits are hard to write and, for phones and systems like Xbox where there is an App Store, relatively easy to stop. For PCs it’s harder. But the exposure is high, so I think we are going to see robust fixes in the next round of hardware. I think DRAM and other hardware testing is going to get better because of this.


So, don’t panic. But do be careful about picking up malware for a while, and keep listening for more on this kind of problem. Social engineering attacks are still easier than writing RowHammer code. So learn and practice safe, hygienic computing habits.