Researchers at Google have exposed an exploit in the design of DRAM in many modern PCs. In an experiment, the researchers used a technique called Rowhammer, which allows an ordinary program to gain kernel level privileges. The researchers tested this technique on 29 different machines with a variety of CPUs and DRAM from several different vendors. They found that 15 out of the 29 machines were vulnerable to Rowhammer.
The Rowhammer exploit works because memory cells on DRAM devices have grown closer and closer together over time, in order to fit more memory onto a chip. Due to this closeness of memory cells, electrons will jump from one cell to a neighboring cell in certain circumstances, which can cause the bit of memory in that cell to flip. The Rowhammer exploit involves repeatedly accessing a particular cell of memory over and over again, which eventually causes the neighboring cells to flip. Using this exploit a program can change values stored in memory it would normally not have access too, by targeting neighboring rows of memory with the Rowhammer technique.
While software exploits can often be fixed with a patch or update once a problem is discovered, a hardware exploit like this poses a more difficult challenge. For people with computers that are vulnerable to this exploit, there is little that can be done to protect against this threat except to buy new hardware. However, there are steps which can be taken by hardware manufacturers which can mitigate the threat of Rowhammer in future hardware.
Limitations can be placed on the DRAM so that it doesn’t refresh a row of memory too often without also refreshing neighboring rows. Another defense against Rowhammer is the use of ECC memory, which has extra bits for the purpose of error correction. However, this would make the memory more expensive to manufacture, which is why ECC memory is rarely found in PCs.
One of the most important lessons to be learned from this exploit is that vulnerabilities in hardware are just as important as vulnerabilities in software. Manufacturers need to take greater care in analyzing their designs for possible vulnerabilities or exploits, and if discovered they need to make those exploits known to the public and offer solutions to mitigate them.
Do you think hardware manufacturers should have done more to make their hardware secure? Leave your comments below.