Every Intel chip is vulnerable to the Rowhammer bug

Researchers show how to remotely exploit the DRAM “Rowhammer” bug by using JavaScript

Security researchers believe that the cyber attackers could adapt the existing Rowhammer exploits to their attack techniques and easily gain root privileges to the computer.

A team of Austrian and French security researchers have now discovered a new security exploit which they refer as “Rowhammer”. As per the researchers this vulnerability can be exploited remotely by using JavaScript.

The team claims this to be the first remote software-induced hardware fault attack.

The downside here is that it is a hardware flaw and not a software flaw, thus it could be present in any computer which has the Intel Processor built since 2009.

The next bad news is that hackers can exploit this flaw through any webpage.

Researchers say that there is a design defect in the Intel’s ‘Dynamic Random Access Memory’ or DRAM chips which provides an easy access to the malicious hackers who are just waiting for the right opportunity to attack the user and collect their personal credentials.

The security researchers say that memory cells in DRAM chips are placed closely, this is done to increase the capacity and decrease the size. However it is this particular placing of the memory cells which leads to the vulnerability, because it becomes difficult to prevent the cells from electrically interacting with each other and repeated access of specific memory locations results in bit flips which can be exploited by the hackers for privilege escalation.

Websites usually have the JavaScript codes which aids in easy navigation of the site. It is due to the JavaScript coding that users can get access to the interactive tools such as drop-down menus and animations, so we can say that JavaScript is ubiquitous and can be found on almost all the websites on the Internet.

Now, coming back to our topic, these malicious hackers use the JavaScript coding on the websites to get an access to the security vulnerability in the DRAM chips present in the Intel computer chips.

Next, hackers amalgamate the animations or images with their malware and just wait patiently for the user to click this file. Once user clicks the malicious animation or image, the crooks get an easy access to their computer.

The research paper published last week reads “Rowhammer.js is possible because today’s JavaScript implementations are well optimized and achieve almost native code performance for our use case. JavaScript is strictly sandboxed and the language provides no possibility to retrieve virtual or physical addresses. However, the usage of large pages allows determining parts of the physical address.”

Proof-of-Concept (PoC)

The team of security researchers comprising of Daniel Gruss Graz from University of Technology, Austria, Cl´ementine Maurice Technicolor, Rennes, France and Stefan Mangard Graz University of Technology, Austria have published a detailed Proof-of-Concept on the Rowhammer bug which can be accessed here.

Now, Windows as well as Mac computers use Intel chips, which means any computer holds the risk of getting infected by the hackers at any point of time.

Another bad news is that there is no patch, as of now, to fix this issue!

Researchers say that the flaw is not related to the Web server or search engine; however it is something to do with the hardware and internal parts of the computer. Hence, the only solution for now would be to actually replace millions of DRAM chips which are present in the CPU of the computer.

Hopefully, Intel is working to get some solution to this issue soon.

For now, Apple and other hardware manufacturers have released BIOS updates to reduce the Rowhammer attacks.

However, it is a fact that most of the users never update the BIOS and hence the security experts have advised the browser vendors to incorporate certain mechanisms in their products which will protect users against the Rowhammer attacks.

Subscribe to our newsletter

To be updated with all the latest news

Maya Kamath
Maya Kamathhttps://www.techworm.net/
Content writer with unending love to pen down my thoughts and views regarding the new technological inventions as well as probe into the current affairs. Feel as if i am free bird who can actually live life at my pace.


    • * Okay I don’t know why my comment was removed before. I didn’t use any profanity. It’s not my fault the author assumes EVERY computer in thew world uses an Intel processor chip. Here is my comment again. if this gets removed, then this is a disreputable site and author who is a hypocrite for allowing “some” comments but not others.

      “Windows as well as Mac computers use Intel chips, which means any computer holds the risk of getting infected by the hackers at any point of time.”

      Any computer? Maya Kamath, did you forget about AMD? They might not be a large chip-maker company, but they DO exist. Not all computers have Intel processors. I have an AMD Kaveri A10-7870K, which makes me immune to this particularly damaging exploit :^) … and as such, anyone else with an AMD processor is also immune. It’s good have a genuine AMD64 architecture processor instead of a reverse-engineered AMD knock-off made by Intel. What an Interesting twist of fate that AMD’s inability to move to the smaller-scale die-shrinks Intel can afford has bestowed them with a built-in hardware advantage.


Please enter your comment!
Please enter your name here

Subscribe to our newsletter

To be updated with all the latest news

Read More

Suggested Post