Should You Worry About Rowhammer?
Rowhammer has the potential to be a big problem - but it's also something that the IT community is addressing.
It sounds like something out of Lord of the Rings – a giant attacker with a big sword, hammering away at something. But now, as the word makes its way deeper into the IT lexicon, lots of those who hear about it for the first time are disappointed when they figure out what it really is.
Regardless, lots of people are looking carefully at Rowhammer and how it could change IT.
What is Rowhammer?
Rowhammer is, in its simplest terms, a hardware problem that can be exploited by software. Now, in the days of ubiquitous Internet, people are becoming concerned that Rowhammer could actually be triggered over the Web. This is scary in the same way that RFID hot spot tracking is scary. When people started figuring out that hackers could roam through a crowd with a tracking device and steal credit card numbers out of the air, they started buying tinfoil-lined wallets. Rowhammer is like that, in a way: it’s a neat magic trick that could be used for really bad things. But the fix is going to be a little more complicated.
In a Rowhammer attack, hackers target the physical properties of DRAM, which packs a large number of memory cells onto the same circuit. For quite a few years, scientists have understood that DRAM can experience various “disturbance errors” that affect the memory cells at a physical level, altering the charges that determine their binary contents.
To put it in a way that emphasizes the physical analogy of Rowhammer, if a person “hammers” on a row of bits stored in DRAM, flipping them time after time, it can cause errors in nearby rows. While the technical explanation is a bit more involved, this might be the best way to describe Rowhammer: think of the DRAM cells as a host of tiny little boxes stacked in a grid. An attack continues to hit a row of bits, turning them from one binary state to another, and eventually, that can “bleed” out to another row and cause unauthorized, erroneous, illegitimate changes – changes that weren’t done through software (as “nature,” or computer science, intended).
Discussions of the phenomenon show that the DRAM vulnerability by itself isn’t new, and that scientists have been observing this phenomenon for decades. But in the last few years, with the evolution of the Web, there’s a much greater chance that Rowhammer exploits could experience a “swift evolution” from something that can only happen with local access, to something that hackers can throw at you from half a world away.
Circling the Wagons
Despite the fearsome ramifications of a Web-ready Rowhammer, some experts are assuring everyone that things are going to be fine.
In a March post on Cisco Blogs titled “Mitigations Available for the DRAM Row Hammer Vulnerability,” writer Omar Santos lays out some of what chip makers and others have been doing to secure our devices against these outlandish types of attacks.
First, calling Rowhammer an “industry-wide issue,” Santos talks about proof-of-concept exploits at Google that show more about how Rowhammer attacks would work. Then, he lists several patents underway for mitigation strategies.
One way that Intel and others are pursuing mitigation is with a “rapid refresh” technology. This approach would cause the system to “patrol” DRAM more frequently and catch any anomalies faster, preventing some types of disturbance in the cell rows. This idea has led to new protocols like Pseudo Target Row Refresh (pTRR), where different refresh techniques provide a safeguard.
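The effect of refreshing more often, and of refreshing the neighbours of a heavily activated row specifically, can be seen in a small simulation. This is an added example, not code from Cisco, Intel or the original article; the bank size, tick-based timing, thresholds and the counter-based targeted refresh are constructed assumptions, and the targeted refresh is a simplified stand-in rather than the actual pTRR mechanism.

```python
# Added example: toy DRAM bank, not a model of any real chip or controller.
# Time is in abstract ticks (one row activation per tick); all sizes,
# windows and thresholds below are constructed for illustration.

def simulate(trace, refresh_window, flip_threshold, trr_limit=None, rows=8):
    """Replay a trace of row activations and return the set of rows whose
    accumulated disturbance reached flip_threshold before being refreshed."""
    disturbance = [0] * rows   # neighbour activations since the row's last refresh
    act_count = [0] * rows     # per-row activation counter used by targeted refresh
    flipped = set()
    slot = refresh_window // rows  # periodic refresh visits one row per slot

    def neighbours(row):
        return [v for v in (row - 1, row + 1) if 0 <= v < rows]

    for tick, row in enumerate(trace):
        if tick % slot == 0:                      # periodic ("patrol") refresh
            disturbance[(tick // slot) % rows] = 0
        act_count[row] += 1
        for victim in neighbours(row):
            disturbance[victim] += 1
            if disturbance[victim] >= flip_threshold:
                flipped.add(victim)
        if trr_limit is not None and act_count[row] >= trr_limit:
            for victim in neighbours(row):        # targeted refresh of neighbours
                disturbance[victim] = 0
            act_count[row] = 0
    return flipped


# Constructed access trace: rows 3 and 6 activated alternately for two
# 64,000-tick refresh windows.
TRACE = [3, 6] * 64_000

def compare(flip_threshold):
    """Rows that flip under each refresh policy for a given cell weakness."""
    return {
        "refresh every 64k ticks": simulate(TRACE, 64_000, flip_threshold),
        "refresh every 32k ticks": simulate(TRACE, 32_000, flip_threshold),
        "64k + targeted refresh": simulate(TRACE, 64_000, flip_threshold, trr_limit=5_000),
    }

if __name__ == "__main__":
    for threshold in (20_000, 10_000):
        print(threshold, compare(threshold))
```

With these constructed numbers, halving the refresh window protects cells that need 20,000 neighbour activations to flip but not cells that flip at 10,000, while the targeted refresh protects both.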
Santos also talks about types of Cisco administrative tools that could look more closely at data to assess errors.
Radon and Rowhammer
Then there are some wackier attempts at memory disturbance assessment that go well beyond anything in a chip maker’s portfolio.
Take a look at this post from Hackaday revealing that some patents are available to use memory error monitoring to identify radon levels. While the post uniquely highlights the nature of Rowhammer, which mixes the usually pristinely separate worlds of digital operations and the “meatspace,” it also raises even more questions about how physical DRAM works.
“Radon’s decay chain contains only alpha and beta emitters. They do not penetrate the casing of a memory chip,” writes poster Dax. Poster Nitori suggests using a “portable particle accelerator” to look at radiation issues. While it might seem peripheral, this kind of discussion really brings home something at the heart of the angst over Rowhammer: that, like it or not, our virtual worlds that we’ve created with modern processors and components are intrinsically linked to our physical world, and even the bits and bytes that we consider sacrosanct can decay and change in various physical ways.
In other words, you can’t keep Mother Nature out of your computer, any more than you can keep mice and insects out of your house. All you can do is “mitigate.”
Not a Big Deal?
Despite the game-changing nature of Rowhammer, there’s not a lot of outcry around it, partly because the above mitigation techniques have every chance of dealing with this kind of attack effectively. Any significant vulnerability would generate some hairy legal processes – and with the IoT and other innovations, we just might see more controversy over DRAM abuse, unless the needed reforms are put in place.