Another day, another discovery of a massive security flaw in the majority of computerized devices on the planet. But this latest one, an exploit named “Rowhammer” or “Row Hammer,” differs from the rest because it's not caused by malware, bad coding, or any other software problem – the problem lies in the hardware itself, specifically in the dynamic random-access memory (or DRAM) chips.
Rowhammer is nothing new — chipmakers have known about the problem since at least 2012, though not until last March did researchers with Google's Project Zero discover an exploit using Rowhammer to gain full kernel privileges over a device.
In computer terms, an “exploit” is a tool used to take advantage of a previously known vulnerability – so when security researchers say “We've discovered a security exploit,” they're saying “We're figured out a new way to take advantage of a previously known flaw.” And a “kernel” is an essential computer program that manages software input/output requests and translates them into data processing instructions. Full kernel privileges on a computer basically gives you access to all memory files and lets you make any changes you want.
Now, security researchers Daniel Gruss, Clementine Maurice, and Stefan Mangard have discovered another Rowhammer exploit which in some ways is even worse than the Project Zero discovery in March. Slate's Future Tense blog explains why: “Previously, taking advantage of Rowhammer required local program execution on a computer—in other words, the computer already needed to be partly compromised. But now, any webpage can potentially exploit Rowhammer to arbitrarily access your data, perhaps even by gaining full control over the computer. And again, it doesn’t matter what operating system you’re using, since the problem is in the physical circuits of your memory chips. As the security researchers explain, it is 'the first remote software-induced hardware-fault attack'.”
Not an easy exploit for hackers
One good thing about Rowhammer, from a computer-security perspective, is that even if a hacker did take advantage of an exploit, it's very hard to control. Basically (and this is an extreme oversimplification of how both DRAM chips and the Rowhammer exploit work), computer chips save all information as binary code. Any concept can be expressed as a series of ones and zeroes, yes-or-no answers, or, in the case of the capacitors on a DRAM chip, electrical impulses flipped on or off. Computer chips and the data saved on them are vulnerable to electromagnetism—that's why, among other things, you're supposed to keep magnets away from computer devices. A strong enough magnet can easily erase the files.
The Rowhammer exploit lets hackers flip unauthorized bits on a chip – change a 1 to a 0 or vice-versa, turn capacitors off or on – but doesn't grant hackers too much control over the process. (The very name “Rowhammer” describes how the exploit works: you basically hammer at a row of memory cells “until they create an electromagnetic interference for the adjacent rows, causing them to lose data and alter normal operation.)
As Future Tense noted, “Rowhammer.js’s bitflips could crash your computer or give a hacker a peek at unauthorized data, but full remote access might prove more of a challenge.” So, as Daniel Gruss said about the exploit he helped to discover, the chances of hackers actually using the Rowhammer.js exploit to attack anyone is pretty low, because there are already much easier ways to accomplish the same thing.