Rowhammer Attacks Can Now Bypass ECC Memory Protections

Catalin Cimpanu, reporting for ZDNet: Academics from the Vrije University in Amsterdam, Holland, have published a research paper this week describing a new variation of the Rowhammer attack. For readers unfamiliar with the term, Rowhammer is the name of a class of exploits that takes advantage of a hardware design flaw in modern memory cards. By default, a memory card stores temporary data inside storage units named cells, which are arranged on the physical silicon chip in multiple rows, in the form of a grid. In research [PDF] published today, named ECCploit, academics expanded the previous Rowhammer techniques with yet another variation. This one, they said, bypasses ECC memory, one of the memory protections that hardware makers said could detect and prevent Rowhammer attacks in the past.

ECC stands for Error-Correcting Code and is a type of memory storage included as a control mechanism with high-end RAM, typically deployed with expensive or mission-critical systems. ECC memory works by protecting against rogue bit flips, like the ones caused by Rowhammer attacks. Surprisingly, it wasn't developed to deal with Rowhammer. It was initially developed in the 90s to protect against bit flips caused by alpha particles, neutrons, or other cosmic rays, but when Rowhammer came out, it also proved to be effective against it, as well. But after spending months reverse engineering the designs of ECC memory, the Vrije University team discovered that this protection mechanism has its limits.

Read more of this story at Slashdot.