Rowhammer Attack

Posted: April 16, 2019

Rowhammer Attack Description

A Rowhammer attack is an exploit where a threat actor floods transistor rows with data for forcing flips. Although the Rowhammer attack requires high technical proficiency, in theory, it can enable remote code execution, which is the lynchpin in attacks for installing threats like backdoor Trojans or spyware. Since it abuses architecture issues that are fundamental to memory design, there is no way to remove the Rowhammer attack's vulnerability, but users can follow standard security guidelines for reducing their level of risk.

The Hardware that Gets Hammered – with Electricity

While most threat actors depend on victims who endanger themselves, one way or another – by downloading a Trojan, letting threatening scripts auto-run in their browser or using an inappropriately-weak password – some will take more initiative than others. The Rowhammer attack shows off both sides of these attacks, with a consequence that gives the attacker gradually-increasing system access. Since its early revealing, its scope of compatible hardware and strategies continues its growth, and most systems can't be said to be completely safe.

A Rowhammer attack uses a 'flooding' technique of executing programs on transistor rows until the electrical leakage affects neighboring sections, which lets a threat actor, gradually, dig deeper and deeper into the system. The programming skill level and time requirements both are substantial, and most threat actors without highly-specific targets wouldn't bother implementing such a tedious vulnerability into their campaigns. It does, however, result in a potential series of exploits leading to the installation of a high-level threat, such as a backdoor Trojan or RAT, which could grant attackers easier access and control over a system.

Unfortunately, some of the newer variants of the Rowhammer attack are more easily implementable than older ones. The 'Throwhammer' version of it can run remotely over high-speed networks by hammering RDMA network devices with specially-crafted packets, the 'GLitch' attack affects Android device GPUs, and, with enough time, attackers could use a Rowhammer attack against highly-sensitive, ECC memory-using systems. ECC hardware includes many IoT devices and computers related to essential infrastructure or the finance sector.

A Hammer's Blow that's Worth Dodging

Users can't disable or remove the possibility of a Rowhammer attack directly, which exploits baseline weaknesses and limitations in the physical layout of memory. What they can do is reduce their vulnerability to an attack by following standard precautionary steps while they're online. The majority of uses for the Rowhammer attack, still, involve tricking a user into opening an e-mail attachment, using a password that attackers could brute-force, etc. Threat actors, then, use privilege-escalating exploits for deepening their access.

A limitation worthy of noting with the remote network-based version of the Rowhammer attack is that it requires a high-data network connection of at least ten Gbps. It calls for tens of thousands of location-specific memory access requests in less than one second, which hampers its practicality for casual threat actors and outright eliminates the possibility on lower-speed connections. Users that do fit this profile should protect their hardware with appropriate, enterprise-level firewalls and other security solutions for reducing the risk of a Rowhammer attack.

The Rowhammer attack is a fundamental, architectural problem whose capacity for harm only increases as the cyber-security industry learns more about it. While malware experts find no cases of its live use by threat actors, its implications for the state of security in critical systems are less than pleasing.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Rowhammer Attack may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.