A research team from the Technical University of Zurich, University of Amsterdam, and Qualcomm announced that they have identified a method that can defeat almost all DDR4 memory security measures on the market. According to the study, most devices with current memory are vulnerable to malicious attacks.
Rowhammer, discovered in 2014, is a problem in which intensively accessing a specific row of cells in memory causes the contents of the surrounding rows to be rewritten, which can lead to problems such as privilege escalation. In response to Rowhammer, memory manufacturers developed a security function called TRR (Target Row Refresh) and built it into memory such as DDR4. This technology prevents Rowhammer by detecting rows that are being targeted and refreshing the data in neighboring rows.
The research team, which was verifying this function, focused on a method (TRRespass) that avoids TRR by accessing the memory in a complex pattern. They developed Blacksmith, a tool that can identify patterns that effectively nullify TRR.
The research team ran Blacksmith for 12 hours on 40 randomly selected DDR4 memory modules, and Rowhammer occurred in all of the tested memory. The memory tested included products from Samsung Electronics, Micron, and SK Hynix, which have a combined market share of 94%.
Based on this result, the research team concluded that the memory manufacturers' claim that Rowhammer countermeasures were complete was wrong and had led to a false sense of security.
The research team released Blacksmith on GitHub so that memory manufacturers and others can verify this problem, and at the same time informed memory manufacturers as well as IT companies, including Samsung Electronics, Micron, SK Hynix, AMD, Google, Intel, Microsoft, and Oracle, of the results.
The Rowhammer method discovered this time cannot be used without practical skills and is not considered an imminent threat to general Internet users. However, this vulnerability, registered as CVE-2021-42114, was rated 9 out of 10 in severity, because countermeasures for a problem rooted in hardware are difficult.
According to the report, DDR5 memory, which is starting to appear on the market, uses a system called refresh management instead of TRR, so Rowhammer does not seem to be a problem there, but it is not known whether it is really safe.