Recently, a team of academics from ETH Zurich and Google found a new type of RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from the South Korean semiconductor vendor SK Hynix. The Phoenix RowHammer Attack has the potential to bypass the strong, modern protection mechanisms adopted to prevent such attacks.
ETH Zurich reported that triggering RowHammer bit flips on DDR5 devices from SK Hynix is possible at scale. The researchers also showed that on-die ECC does not prevent RowHammer, so end-to-end attacks remain possible on DDR5. Here, I will discuss everything about the Phoenix RowHammer Attack and its potential impact.
What is the Phoenix RowHammer Attack?
RowHammer is essentially a hardware vulnerability: repeatedly accessing one row of memory in a DRAM chip can cause bit flips in physically adjacent rows. The result is data corruption, which bad actors can weaponize to gain unauthorized access to data, escalate privileges, or even cause a denial of service.
Although RowHammer was first demonstrated in 2014, future DRAM chips are likely to remain prone to it, as DRAM producers rely on density scaling to boost capacity. In 2020, it was reportedly found that the latest DRAM chips are more prone to RowHammer because, as device feature size shrinks, the number of activations required to trigger a RowHammer bit flip also decreases.
Further research on this subject has shown that the vulnerability has many parameters and is sensitive to multiple variables, including environmental conditions, process variation, stored data patterns, memory access patterns, and memory controller policies.
What are the Mitigations for the Phoenix RowHammer Attack?
The major mitigations against the Phoenix RowHammer Attack include Error Correction Code (ECC) and Target Row Refresh (TRR). However, these countermeasures have already been proven ineffective against advanced attacks like TRRespass, SMASH, Half-Double, and Blacksmith.
The recent findings from ETH Zurich and Google reveal that bypassing sophisticated TRR defenses is possible on DDR5 memory. This opens the door to what the researchers refer to as ‘the first-ever Row-Hammer privilege escalation exploit on a standard, production-grade desktop system equipped with DDR5 memory’.
In simple terms, the end result is a privilege escalation exploit that obtains root on a DDR5 system with default settings in as little as 109 seconds. More importantly, the Phoenix RowHammer Attack exploits the fact that the mitigation does not sample some refresh intervals, and it flips bits on all 15 DDR5 memory chips in the test pool, which were manufactured between 2021 and 2024.
Notable exploitation scenarios include using such bit flips to target the RSA-2048 keys of a co-located virtual machine to bypass SSH authentication, and to modify the sudo binary to escalate local privileges to root.
What’s the Recommendation?
As DRAM devices already in the wild cannot be updated, they will remain vulnerable for several years. Hence, the researchers recommend increasing the refresh rate by 3x, which stopped Phoenix from inducing bit flips on the test systems. The disclosure follows two other Phoenix RowHammer Attacks, named OneFlip and ECC.fail, detailed by teams from George Mason University and the Georgia Institute of Technology.
While OneFlip triggers a single bit flip that changes Deep Neural Network model weights and causes unintended behavior, ECC.fail is described as the first end-to-end Phoenix RowHammer Attack that works against DDR5 server machines with ECC memory.
The researchers also note that, unlike their PC counterparts, servers have additional protection against memory data corruption, such as error-correcting codes. These can spot bit flips in memory and correct them. ECC.fail circumvents these protections by intentionally triggering RowHammer bit flips at specific memory locations.
Challenges with RowHammer Attack Assessment
Defending against RowHammer requires mechanisms that make it difficult for an attacker to trigger bit flips from software. For effective mitigation, we therefore need to understand how a determined adversary issues memory accesses that break existing mechanisms. Three main pieces of information help with such an assessment:
- How do the improved TRR and in-DRAM ECC work?
- How do software-level memory access patterns translate into low-level DDR commands?
- How do host-side mitigations like ECC or TRR work?
The first step is particularly difficult, as it involves reverse-engineering the proprietary in-DRAM TRR mechanism, which differs between manufacturers and device models. This requires the ability to issue specific DDR commands to the DRAM and analyse its responses, which is problematic on an off-the-shelf system. Hence, specialised evaluation tools are crucial.
The second and third steps involve evaluating the DDR traffic between the host processor and the DRAM. This can be done with an off-the-shelf interposer, a tool that sits between the processor and the DRAM. A critical part of this evaluation is understanding how a live system converts software-level memory accesses into DDR protocol commands.
The final step is the evaluation of host-side mitigations, which are often optional. For instance, host-side ECC is enabled by default on servers, while host-side TRR has only been adopted in certain CPUs.
RowHammer Testing Platforms
DDR5 RDIMM Platform
A new DDR5 Tester board that addresses the hardware needs of Registered DIMM (RDIMM) memory, usually found in server systems.
SO-DIMM Platform
A version that supports the standard SO-DIMM pinout, suitable for off-the-shelf DDR5 SO-DIMM memory sticks commonly found in workstations and end-user devices.
What Lessons Can Be Learned?
The takeaway is that present prevention mechanisms for Phoenix RowHammer attacks are not enough, and the issue remains a common problem across the industry. They make malicious attacks more challenging but not impossible, as the attacks require a detailed understanding of the particular memory subsystem they target.
Current mitigation strategies, which rely on TRR and ECC, depend on probabilistic countermeasures that are not sufficient. Once analysts understand how TRR works, they can craft particular memory access patterns to bypass it. Moreover, the existing ECC architecture was not designed as a security measure and is thus ineffective at detecting such errors.
Memory encryption has been suggested as an alternative defense against RowHammer attacks. However, the current assessment is that it offers no major protection against RowHammer without cryptographic integrity. Hence, further research is required to find a practical solution.
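To make concrete why a code designed for random faults is not a security measure (the point behind ECC.fail above), here is an added toy model, my own illustration rather than the researchers' code or any real DIMM's ECC, of a single-error-correct, double-error-detect (SECDED) extended Hamming code on 4 data bits; it classifies what the decoder does when one, two or three bits of a codeword are flipped.

```python
from itertools import combinations

# Toy SECDED model: extended Hamming [8,4]. Constructed for illustration only;
# real server ECC uses much wider codewords, but the failure mode is the same.
DATA_POS = (3, 5, 6, 7)          # positions of the 4 data bits in the Hamming(7,4) layout

def encode(data):
    """Encode a 4-bit value into an 8-bit codeword (index 0 = overall parity bit)."""
    cw = [0] * 8
    for i, pos in enumerate(DATA_POS):
        cw[pos] = (data >> i) & 1
    cw[1] = cw[3] ^ cw[5] ^ cw[7]    # parity over positions whose index has bit 0 set
    cw[2] = cw[3] ^ cw[6] ^ cw[7]    # ... bit 1 set
    cw[4] = cw[5] ^ cw[6] ^ cw[7]    # ... bit 2 set
    cw[0] = sum(cw[1:]) & 1          # overall parity enables double-error detection
    return cw

def decode(cw):
    """Return (data, status); status is 'ok', 'corrected' or 'uncorrectable'."""
    cw = list(cw)
    syndrome = 0
    for pos in range(1, 8):
        if cw[pos]:
            syndrome ^= pos           # XOR of set positions names the faulty bit
    parity_even = sum(cw) % 2 == 0
    if syndrome == 0 and parity_even:
        status = "ok"
    elif not parity_even:             # odd weight: assume a single error and fix it
        cw[syndrome] ^= 1             # syndrome 0 means the overall parity bit itself
        status = "corrected"
    else:                             # non-zero syndrome but even parity: two errors
        status = "uncorrectable"
    data = sum(cw[pos] << i for i, pos in enumerate(DATA_POS))
    return data, status

def outcome(data, flipped):
    """What the ECC logic reports for a codeword with the given positions flipped."""
    cw = encode(data)
    for pos in flipped:
        cw[pos] ^= 1
    decoded, status = decode(cw)
    if status == "uncorrectable":
        return "detected"
    return "corrected" if decoded == data else "silently_miscorrected"

def outcomes_for(n_flips, data=0b1011):
    """Set of outcomes over every choice of n_flips positions in one codeword."""
    return {outcome(data, c) for c in combinations(range(8), n_flips)}

if __name__ == "__main__":
    for n in (1, 2, 3):
        print(n, "flip(s):", outcomes_for(n))
```

One flip is always corrected and two are always detected, but every three-flip pattern is "corrected" to the wrong data with no error reported, which is why coordinated flips at chosen locations defeat a code that only budgets for random faults.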