It’s been three years since the introduction of rowhammer, a technique for bypassing memory isolation protection mechanisms to flip bits in memory. This attack occurs when a hacker gains code execution privileges on a local system and then rapidly writes and rewrites memory to force capacitor errors in DRAM. This corruption of memory contents can lead to the wrong instructions being executed (i.e. malicious code), or to the alteration of control structures that govern how memory is assigned to programs. The second scenario can be used by a normal program to gain kernel-level privileges.
It used to be that hackers needed to obtain local code execution on a victim machine to carry out rowhammer attacks. Not anymore.
Researchers in Amsterdam have just introduced a remote version of rowhammer dubbed throwhammer. This new attack relies on the same idea that rapid writes and rewrites in memory can cause changes to DRAM capacitors (i.e. the individual bits of data in physical computer memory).
The difference between these two bit-flipping vulnerabilities is that throwhammer can be executed on a separate system connected to the same LAN. So, the attack could be launched via a Gigabit-capable workstation or server within a corporate on-premise subnet, or from one cloud system to another in the same tenant. This is possible because modern network cards have direct memory access (DMA) due to their Gigabit+ speeds.
Google has set up a public forum for anyone interested in discussing these row/throwhammer attacks.
Daniel Haurey Jr. is the president and founder of managed IT services provider Exigent Technologies, which he founded in 1997. Under his leadership, the MSP has earned accolades ranging from Channel Futures MSP 501 to being named SonicWall’s 2024 MSP Growth Partner of the Year. Dan is a true entrepreneur, dedicated to growing, investing in, and mentoring small businesses. You can find him on LinkedIn, where he regularly posts about technology, business, leadership, and community.