Google spots DDR4 weakness that could expose your PC to a system takeover

News
By Katie Wickens
published

Hopefully making the findings public will encourage a speedier fix.

Samsung DDR4 RAM sticks
(Image credit: Samsung)

A new technique for hacking DRAM could expose your DDR4 RAM to attacks, and potential system takeovers. Thankfully, Google is stepping up with the smart idea to make the findings public, in the hopes it will expedite a fix.

Perfect peripherals

(Image credit: Colorwave)

Best gaming mouse: the top rodents for gaming
Best gaming keyboard: your PC's best friend...
Best gaming headset: don't ignore in-game audio

The software is a new variant of a known vulnerability called Rowhammer. The vanilla version of the software would compromise the data rattling around your RAM's memory cells by granting hackers ability to access one adjacent row, and modify the content of other memory addresses, by sending multiple access requests.

It's existed for a while and, according to Neowin, it came about thanks to an "electrical coupling phenomenon in silicon chips which bypasses software- and hardware-based protection."

Previously, with DDR3 chips, it was possible for DRAM manufacturers to protect against Rowhammer hacks by implementing logic that would detect and block the dodgy activity. They thought it was all over. Now though, with the advent of DDR4, it's been revealed that the bane of Rowhammer remains a threat, still working through TRRespass and other methods. 

Queue the harbingers over at Google, who explain there's a new, even more dangerous, 'Half-double' Rowhammer technique about now, and its been shown to surpass its predecessor by at least one more row, though it's not as effective at accessing deeper into the cache. Still, there is potential it could access deeper rows, exposing even more data.

"Unlike TRRespass, which exploits the blind spots of manufacturer-dependent defenses, Half-Double is an intrinsic property of the underlying silicon substrate," says Google. "This is likely an indication that the electrical coupling responsible for Rowhammer is a property of distance, effectively becoming stronger and longer-ranged as cell geometries shrink down. Distances greater than two are conceivable."

This is all coming out publicly to encourage a collaborative effort to plug the compromise as soon as possible. Google is also working with industry partners like semiconductor standards organisation JEDEC to get the ball rolling. You can see what they've come up with so far here, and here.

Katie Wickens
Katie Wickens
Hardware Writer

Screw sports, Katie would rather watch Intel, AMD and Nvidia go at it. Having been obsessed with computers and graphics for three long decades, she took Game Art and Design up to Masters level at uni, and has been demystifying tech and science—rather sarcastically—for three years since. She can be found admiring AI advancements, scrambling for scintillating Raspberry Pi projects, preaching cybersecurity awareness, sighing over semiconductors, and gawping at the latest GPU upgrades. She's been heading the PCG Steam Deck content hike, while waiting patiently for her chance to upload her consciousness into the cloud.

See comments