Rowhammer.js: The first remote software-induced hardware-fault attack

A group of Austrian and French researchers have devised a relatively simple way to remotely exploit the Rowhammer bug present in some computer chips. Their version of the attack is JavaScript-based, doesn’t require physical access to the machine, the execution of native code, or access to special instructions, and can be performed on millions of users simultaneously.

The existence of the Rowhammer (or Row Hammer) bug is not news: since 2012, chip makers have been aware that, due to the increasing density of DRAM devices, frequently repeated signals sent to one row can affect cells in adjacent rows.

In March 2015, researchers from Google Project Zero demonstrated how this type of attack can be performed from a local machine to gain root privileges and to evade a sandbox, but Daniel Gruss, Clementine Maurice, and Stefan Mangard have discovered that you don’t have to have access to the machine.

All you need is to inject JavaScript attack code into a web page, and trick victims into visiting it.

“Our attack is the first remote software-induced hardware-fault attack. It is implemented in JavaScript in Firefox 39, but our attack technique is generic and can be applied to any architecture, programming language and runtime environment that allows producing an efficient stream of memory access instructions,” the researchers shared.

The bad news is that we don’t know how many systems are vulnerable to Rowhammer.js, and that we, as users, can’t do much to prevent such an attack on our computers aside from turning off JavaScript on sites we don’t trust.

Chip makers and web browser developers can help by distributing BIOS updates that considerably increase the refresh rate on DRAM modules or by adding Rowhammer tests to browsers.

The good news is that it’s difficult to achieve the desired result with the attack: it is, for example, difficult to flip the right bits needed to gain access to the physical memory of a system and/or gain root access to the machine.