Google announces Half-Double, a new technique used in the Rowhammer DRAM security exploit

Google has just revealed the discovery of a new technique used by attackers to take advantage of the Rowhammer security exploit present in Dynamic Random-Access Memory (DRAM). This new strategy involves capitalizing on the issues with some of the newer DRAM chips in the ways memory cells interact with each other.

This DRAM vulnerability works by using access to one address to alter the data stored at various other addresses. Similar to CPU execution vulnerabilities, Rowhammer interferes with the security architecture of the underlying hardware. As the exploit exists within the Silicon material itself, the bug enables potential bypass of both hardware and software protection measures. Such security circumvention can allow untrusted code to escape the sandbox and take over the system.

Having first discovered Rowhammer back in 2014, Google has since taken steps to mitigate this privileged escalation issue by monitoring for frequently accessed addresses. From there, chip manufacturers updated the proprietary logic inside their products accordingly. At first, this solution appeared successful—until 2020, when Google's TRRespass paper displayed the ability to reverse engineer the built-in mitigation systems and hinder defenses by distributing access. In fact, further research showed the potential for exploitation from JavaScript, without even the need to invoke cache-management primitives or system calls.

Perhaps most concerning, Half-Double has shown the unique Rowhammer capability of spreading to rows beyond its adjacent neighbors within the memory chip. This increase in distance likely suggests a growing sophistication of the Rowhammer exploit.

Google has begun collaborating with the independent semiconductor engineering trade organization JEDEC, among others, to try and resolve this Rowhammer threat. For now, Google encourages the multiple possibly impacted industries—from automotive to IoT—to contribute to and support this effort in any way possible.

More information: Qazi, S. et al. "Introducing Half-Double: New Hammering Technique for DRAM Rowhammer Bug." Google Online Security Blog, Google, 25 May 2021, security.googleblog.com/2021/0 … e-new-hammering.html

Google announces Half-Double, a new technique used in the Rowhammer DRAM security exploit

Researchers explore RAMBleed attack in pilfering data

Researchers develop tiny chip that can safeguard user data while enabling efficient computing on a smartphone

Researchers develop energy-efficient probabilistic computer by combining CMOS with stochastic nanomagnet

Taichi: A large-scale diffractive hybrid photonic AI chiplet

World-first 'Cybercrime Index' ranks countries by cybercrime threat level

Researchers find a faster, better way to prevent an AI chatbot from giving toxic responses

Protecting art and passwords with biochemistry

New privacy-preserving robotic cameras obscure images beyond human recognition

With a game show as his guide, researcher uses AI to predict deception

Super Mario hackers' tricks could protect software from bugs, study finds

The world's largest 3D printer is at a university in Maine. It just unveiled an even bigger one

Personalization has the potential to democratize who decides how LLMs behave

Aerogel-based phase change materials improve thermal management, reduce microwave emissions in electronic devices

Holographic displays offer a glimpse into an immersive future

Researchers develop high-energy-density aqueous battery based on halogen multi-electron transfer

Extracting high-purity gold from electrical and electronic waste

How potatoes, corn and beans led to breakthrough in smart windows technology

A new framework to generate human motions from language prompts

New metasurface innovation unlocks precision control in wireless signals

Google announces Half-Double, a new technique used in the Rowhammer DRAM security exploit

Let us know if there is a problem with our content

Thank you for taking time to provide your feedback to the editors

Share article

E-MAIL THE STORY