(916) 972-9000 info@connectech.us

  • Facebook
  • Twitter
  • LinkedIn
Remember the Rowhammer vulnerability that made headlines around the world last year?

2019 saw all sorts of unusual threats, so if you’re struggling to recall the details of that one in particular, here’s a quick review:

Any time a modern RAM card handles data, it is saved in memory cells that are arranged in a grid pattern on the card’s plastic base.

It’s a neat, orderly, symmetrical design that is incredibly efficient, allowing smart engineers to cram a tremendous number of memory cells onto a surprisingly small surface area. The problem is that the orderly arrangement also makes it possible that there can be electrical interference between adjacent memory cells. This, in a nutshell, is what the Rowhammer attack does.

It’s important to note that to date, no Rowhammer attacks have been seen in the wild. However, engineers quickly realized that inevitably, some hacker group or another would work out a means of exploiting this to cause real harm to vulnerable systems. To that end, they began casting about for solutions. Unfortunately, a viable solution to the problem seems to be more difficult than first meets the eye. A recent survey of the RAM widely used in today’s PCs and smartphones reveals that virtually all of them are still vulnerable to this type of attack.

Understand that the industry hasn’t been standing still on this issue. To date, there have been no less than a dozen potential solutions put forth by equipment manufacturers. Each time, researchers on the academic side have managed to break the proposed solution, putting everyone back to square one.

At this point, a solution is as elusive as ever, with an industry insider admitting that “Unfortunately, due to the nature of these vulnerabilities, it will take a long time before effective mitigations will be in place.”

Right now there’s no solution and there’s no defense against a Rowhammer attack. Thankfully, we still haven’t seen one in the wild, but that day is no doubt coming.