Although the first DDR memory prototype wasn’t unveiled to the public until 1997, the technology actually has roots that date back to the 1980s. This has given IT experts plenty of time to work with the technology, including the newest breakthroughs like DDR4 and DDR5 for use in high-end PCs and other devices. Unfortunately, this has given hackers plenty of time to figure out their own exploits, too.
White Hat Hackers
Thankfully, the hackers responsible for cracking DDR4 memory, known as COMSEC, are a group of white hat hackers – ethical hackers. With no harmful intentions, it seems the group’s top priority was calling attention to the vulnerabilities that are inherent with current DRAM technology and its related hardware.
Moreover, their latest project, referred to as Blacksmith, was fully supported by the Swiss National Science Foundation. The organization even provided funding in the form of a grant for their research.
What is Blacksmith?
The group’s project, which is technically known as a Rowhammer fuzzer, works by exploiting leaking charges that are present in DRAM cells. It then introduces a series of bit flips into the DRAM memory, essentially changing 0s to 1s and vice versa and triggering a target row refresh, or TRR.
It’s this TRR that lets hackers gain a near-unrestricted level of system access. Malicious hackers can use the exploit to introduce their own malicious code or to access confidential information. But PCs aren’t the only devices affected. Nearly all devices that use DDR4 RAM, including modern Android smartphones, are potentially vulnerable.
A recent post by COMSEC explained the entire project in detail, saying, in part: “We demonstrate that it is possible to trigger Rowhammer bit flips on all DRAM devices today despite deployed mitigations on commodity off-the-shelf systems with little effort. This result has a significant impact on the system’s security as DRAM devices in the wild cannot easily be fixed, and previous work showed real-world Rowhammer attacks are practical.”
Testing Criteria
Significant amounts of research and development went into the Blacksmith project. The COMSEC team tested 40 DDR4 devices from three of the most popular manufacturers – Micron, Samsung, and SK Hynix – as well as four other devices without an identified manufacturer.
The team ran their Blacksmith fuzzer for a period of 12 hours on each individual device, and the program was able to successfully cause bit flipping on every single device. The team also concluded that some devices were more susceptible than others, although, to protect the companies and their users, they did not clarify which manufacturers these were.
Their exposé concludes with the warning that most DDR4 devices will be vulnerable for years to come. Since DRAM devices cannot be updated once they’re in the hands of consumers, users have little recourse.
COMSEC’s report went on to say: “Triggering bit flips has become more easy on current DDR4 devices, which facilitates attacks. As DRAM devices in the wild cannot be updated, they will remain vulnerable for many years.”
DDR4 Memory Protections Compromised