Another Flip in the Row

Conference: Black Hat USA 2018



The presentation discusses the vulnerability of computer systems to bit flips caused by Rowhammer attacks and the need for better countermeasures.
  • Rowhammer attacks can cause bit flips in computer systems, leading to security vulnerabilities
  • Current countermeasures are not effective enough and more research is needed to fully understand the attacks
  • Attackers can exploit vulnerabilities in network requests, file systems, and cryptography to cause bit flips
  • Optimizing for performance without considering security can lead to vulnerabilities
The presentation includes a demo of an opcode-flipping attack on an Ubuntu system, which allows the attacker to gain root privileges without knowing the password.


The Rowhammer bug is an issue in most DRAM modules which allows software to cause bit flips in DRAM cells, consequently manipulating data. Although only considered a reliability issue by DRAM vendors, research has shown that a single bit flip can subvert the security of an entire computer system. In the introduction of the talk, we will outline the developments around Rowhammer since its presentation at Black Hat USA 2015. We discuss attacks and defenses that researchers came up with. The defenses against Rowhammer either try to prevent the Rowhammer effect entirely, or at least ensure that Rowhammer attacks can no longer exploit the bug. We will present a novel Rowhammer attack that undermines all existing assumptions on the requirements for such attacks. With one-location hammering, we show that Rowhammer does not necessarily require accessing two or more addresses alternately. We explain that modern CPUs rely on memory-controller policies that enable an attacker to use this new hammering technique. Moreover, we introduce new building blocks for exploiting Rowhammer-like bit flips which circumvent all currently proposed countermeasures. In addition to classical privilege escalation attacks, we also demonstrate a new, easily mountable denial-of-service attack which can be exploited in the cloud. We will also show that despite all efforts, the Rowhammer bug is still not prevented. We conclude that more research is required to fully understand this bug in order to design efficient and secure countermeasures.