Certain RAM Modules Continue To Have Security Vulnerabilities

March 20, 2020

Written by wukovits

Remember the Rowhammer vulnerability that made headlines around the world last year?

2019 saw all sorts of unusual threats, so if you’re struggling to recall the details of that one in particular, here’s a quick review:

Any time a modern RAM card handles data, it is saved in memory cells that are arranged in a grid pattern on the card’s plastic base.

It’s a neat, orderly, symmetrical design that is incredibly efficient, allowing smart engineers to cram a tremendous number of memory cells onto a surprisingly small surface area. The problem is that the orderly arrangement also makes it possible that there can be electrical interference between adjacent memory cells. This, in a nutshell, is what the Rowhammer attack does.

It’s important to note that to date, no Rowhammer attacks have been seen in the wild. However, engineers quickly realized that inevitably, some hacker group or another would work out a means of exploiting this to cause real harm to vulnerable systems. To that end, they began casting about for solutions. Unfortunately, a viable solution to the problem seems to be more difficult than first meets the eye. A recent survey of the RAM widely used in today’s PCs and smartphones reveals that virtually all of them are still vulnerable to this type of attack.

Understand that the industry hasn’t been standing still on this issue. To date, there have been no less than a dozen potential solutions put forth by equipment manufacturers. Each time, researchers on the academic side have managed to break the proposed solution, putting everyone back to square one.

At this point, a solution is as elusive as ever, with an industry insider admitting that “Unfortunately, due to the nature of these vulnerabilities, it will take a long time before effective mitigations will be in place.”

Right now there’s no solution and there’s no defense against a Rowhammer attack. Thankfully, we still haven’t seen one in the wild, but that day is no doubt coming.

Used with permission from Article Aggregator

Related Articles

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Update VMWare Software Immediately To Avoid Possible Attack

The US Cybersecurity and Infrastructure Security Agency recently issued a warning to all companies running VMware Vcenter Server and VMware Cloud Foundation. They are asking them to download and apply the latest security patches as soon as possible because attackers...

Send us a message

Your message was sent.

Thank you for contacting Bayou Technologies. We'll be in touch soon!

Need help? support-icon