Is Your RAM at Risk? How to Test for the Decade-Old Rowhammer Vulnerability
AI-created, human-edited.
In a recent episode of Security Now, hosts Steve Gibson and Leo Laporte discussed an opportunity for listeners to participate in groundbreaking security research surrounding the infamous Rowhammer vulnerability. This rare chance allows everyday users to contribute meaningful data to researchers studying this persistent hardware security issue that has plagued RAM modules for over a decade.
First discovered in 2014, Rowhammer is a hardware vulnerability affecting dynamic random-access memory (DRAM). As Gibson explained, the vulnerability emerged from the industry's push to increase RAM density. As manufacturers "squeezed every last bit of noise margin out of their designs," they created an unexpected security weakness.
The attack works by repeatedly accessing specific rows of memory cells (hence the name "row hammer"), which can cause bit flips in adjacent rows. These bit flips can potentially be weaponized to "completely collapse and bypass the security boundaries and guarantees upon which all modern computing relies for its operational security," according to Gibson.
Over the past decade, Rowhammer attacks have evolved significantly. The attack originally affected DDR3 memory, but researchers have since demonstrated successful attacks against DDR4 and even the newest DDR5 memory. What began as exploits requiring native code on Intel x86 systems now extends to:
- Mobile ARM processors
- AMD x86 desktop processors
- JavaScript-based attacks
- Even remote attacks via network packets
Despite industry efforts to mitigate the vulnerability with various defensive techniques (including ECC memory, doubled refresh rates, and targeted row refresh), researchers continue to find ways around these protections.
Even after extensive academic research, a critical question remains unanswered: how prevalent is the Rowhammer vulnerability in the real world? How many systems in their current configurations are actually vulnerable?
This is where the "Flippy RAM" project comes in. At the 38th Chaos Communication Congress in Germany (December 2024), a trio of academic researchers presented a framework designed to determine whether individual systems are vulnerable to Rowhammer attacks. More importantly, they've created an open-source testing tool that anyone can download and run to contribute data to this important research.
Gibson himself tested the tool and shared his experience with listeners. Here's how you can join the effort:
- Visit https://flippyr.am to download the ISO image
- Flash it to a USB thumb drive
- Boot your system from the thumb drive
- Specify how long you want the test to run (default is 8 hours)
- Confirm your participation in the study
- Wait for the test to complete
Once finished, you'll receive a summary of results on screen, with detailed data stored on your thumb drive. You can then choose to upload these results anonymously to contribute to the research.
Gibson noted that the test takes significant time due to the probabilistic nature of Rowhammer attacks. He ran the test on his ZimaBoard and on a next-generation server platform (which, as expected, showed no vulnerabilities due to its ECC memory).
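On a Linux machine with ECC memory, like the server platform mentioned above, the kernel's EDAC subsystem counts the bit errors that ECC corrects or only detects. This added example (not from the episode or the Flippy RAM project) reads those counters and compares two snapshots; it assumes an EDAC driver is loaded, and the function names are hypothetical.

```python
from pathlib import Path

# Standard Linux EDAC sysfs location; one mcN directory per memory controller.
EDAC_ROOT = Path("/sys/devices/system/edac/mc")


def _read_int(path):
    """Return the integer stored in a sysfs file, or None if unreadable."""
    try:
        return int(path.read_text().strip())
    except (OSError, ValueError):
        return None


def read_edac(root=EDAC_ROOT):
    """Snapshot corrected (ce) and uncorrected (ue) error counts per controller.

    An empty result means no memory controller is registered with EDAC, so
    the OS has no ECC error reporting (non-ECC RAM, or no driver loaded).
    """
    root, snapshot = Path(root), {}
    if not root.is_dir():
        return snapshot
    for mc in sorted(root.glob("mc[0-9]*")):
        ce = _read_int(mc / "ce_count")  # bit errors ECC corrected
        ue = _read_int(mc / "ue_count")  # errors ECC detected but could not fix
        if ce is None or ue is None:
            continue
        name_file = mc / "mc_name"
        name = name_file.read_text().strip() if name_file.is_file() else "unknown"
        snapshot[mc.name] = {"name": name, "ce": ce, "ue": ue}
    return snapshot


def diff_counts(before, after):
    """Return controllers whose error counts grew between two snapshots."""
    growth = {}
    for mc, now in after.items():
        prev = before.get(mc, {"ce": 0, "ue": 0})
        d_ce, d_ue = now["ce"] - prev["ce"], now["ue"] - prev["ue"]
        if d_ce > 0 or d_ue > 0:
            growth[mc] = {"ce": d_ce, "ue": d_ue}
    return growth


if __name__ == "__main__":
    current = read_edac()
    if not current:
        print("No EDAC memory controllers found: no ECC error reporting.")
    for mc, info in current.items():
        print(f"{mc} ({info['name']}): corrected={info['ce']} uncorrected={info['ue']}")
```

EDAC counters start from zero at each boot, so compare snapshots taken within the same uptime.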
Despite all the academic research since 2014, there have never been reports of actual Rowhammer attacks in the wild. This situation is reminiscent of the Y2K concern, where massive preemptive efforts may have prevented real-world problems.
By contributing to this research, users can help determine just how prevalent and practical Rowhammer vulnerabilities are across different hardware configurations. This data could prove invaluable for future security measures and hardware designs.
As Gibson urged listeners, "It'd be fun to share some of our listeners' results and also submit your data to them. It's all anonymous, no information that you care about."
For those wanting a deeper understanding of Rowhammer and the research project, Gibson recommended checking out the full Chaos Communication Congress presentation, which is available with multilingual soundtracks.