Skip to main content

Google spots DDR4 weakness that could expose your PC to a system takeover

Samsung DDR4 RAM sticks
(Image credit: Samsung)
Audio player loading…

A new technique for hacking DRAM could expose your DDR4 RAM to attacks, and potential system takeovers. Thankfully, Google is stepping up with the smart idea to make the findings public, in the hopes it will expedite a fix.

Perfect peripherals

(Image credit: Colorwave)

Best gaming mouse (opens in new tab): the top rodents for gaming
Best gaming keyboard (opens in new tab): your PC's best friend...
Best gaming headset (opens in new tab): don't ignore in-game audio

The software is a new variant of a known vulnerability called Rowhammer. The vanilla version of the software would compromise the data rattling around your RAM's memory cells by granting hackers ability to access one adjacent row, and modify the content of other memory addresses, by sending multiple access requests.

It's existed for a while and, according to Neowin (opens in new tab), it came about thanks to an "electrical coupling phenomenon in silicon chips which bypasses software- and hardware-based protection."

Previously, with DDR3 chips, it was possible for DRAM manufacturers to protect against Rowhammer hacks by implementing logic that would detect and block the dodgy activity. They thought it was all over. Now though, with the advent of DDR4, it's been revealed that the bane of Rowhammer remains a threat, still working through TRRespass (opens in new tab) and other methods. 

Queue the harbingers over at Google, who explain there's a new, even more dangerous, 'Half-double' Rowhammer technique about now, and its been shown to surpass its predecessor by at least one more row, though it's not as effective at accessing deeper into the cache. Still, there is potential it could access deeper rows, exposing even more data.

"Unlike TRRespass, which exploits the blind spots of manufacturer-dependent defenses, Half-Double is an intrinsic property of the underlying silicon substrate," says Google. "This is likely an indication that the electrical coupling responsible for Rowhammer is a property of distance, effectively becoming stronger and longer-ranged as cell geometries shrink down. Distances greater than two are conceivable."

This is all coming out publicly to encourage a collaborative effort to plug the compromise as soon as possible. Google is also working with industry partners like semiconductor standards organisation JEDEC to get the ball rolling. You can see what they've come up with so far here (opens in new tab), and here (opens in new tab).

Katie Wickens
Katie Wickens

Screw sports, Katie would rather watch Intel, AMD and Nvidia go at it. Having been obsessed with computers and graphics for three long decades, she took Game Art and Design up to Masters level at uni, and has been demystifying tech and science—rather sarcastically—for two years since. She can be found admiring AI advancements, scrambling for scintillating Raspberry Pi projects, preaching cybersecurity awareness, sighing over semiconductors, and gawping at the latest GPU upgrades. She's been heading the PCG Steam Deck content hike, while waiting patiently for her chance to upload her consciousness into the cloud.