New Rowhammer Attack Bypassing Countermeasures

A new variation of the Rowhammer attack has been identified by the same researchers who discovered the original Rowhammer attack.

Threat ID:: CC-1690
Category:: DOS
Threat Severity:: Medium
Threat Vector:: Exploit
Published:: 9 October 2017 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A new variation of the Rowhammer attack has been identified by the same researchers who discovered the original Rowhammer attack.

Threat details

This attack is capable of bypassing all previous countermeasures, which can lead to personal systems being targeted. The aim of the attack is to achieve a privilege escalation or to target corporate cloud systems with denial of service attacks. The attack does, however, require access to the device via a low-level account from a previous exploit or other means.

The new variant of Rowhammer opts for bombarding one single row of memory cells, instead of multiple locations. It is that change of method which allows the vulnerability to bypass all previous mitigations. The downside of the new method of attack for the attacker is that the attack takes longer to complete, between 44.4 – 137.8 hours researchers stated. The time delay is not a problem for attackers targeting online servers which have long up times. The researchers were able to hide the attack completely from Intel Software Guard Extension (SGX) which is a security feature on Intel processors.

Remediation steps

Type	Step
	Monitor logs on cloud networks to detect anomalies that could indicate a DoS attacks is being attempted. Monitor for development of new countermeasures being released

Last edited: 17 February 2020 11:36 am