Google spots DDR4 weakness that could expose your PC to a system takeover
Hopefully making the findings public will encourage a speedier fix.
A new technique for hacking DRAM could expose your DDR4 RAM to attacks, and potential system takeovers. Thankfully, Google is stepping up with the smart idea to make the findings public, in the hopes it will expedite a fix.
Best gaming mouse: the top rodents for gaming
Best gaming keyboard: your PC's best friend...
Best gaming headset: don't ignore in-game audio
The software is a new variant of a known vulnerability called Rowhammer. The vanilla version of the software would compromise the data rattling around your RAM's memory cells by granting hackers ability to access one adjacent row, and modify the content of other memory addresses, by sending multiple access requests.
It's existed for a while and, according to Neowin, it came about thanks to an "electrical coupling phenomenon in silicon chips which bypasses software- and hardware-based protection."
Previously, with DDR3 chips, it was possible for DRAM manufacturers to protect against Rowhammer hacks by implementing logic that would detect and block the dodgy activity. They thought it was all over. Now though, with the advent of DDR4, it's been revealed that the bane of Rowhammer remains a threat, still working through TRRespass and other methods.
Queue the harbingers over at Google, who explain there's a new, even more dangerous, 'Half-double' Rowhammer technique about now, and its been shown to surpass its predecessor by at least one more row, though it's not as effective at accessing deeper into the cache. Still, there is potential it could access deeper rows, exposing even more data.
"Unlike TRRespass, which exploits the blind spots of manufacturer-dependent defenses, Half-Double is an intrinsic property of the underlying silicon substrate," says Google. "This is likely an indication that the electrical coupling responsible for Rowhammer is a property of distance, effectively becoming stronger and longer-ranged as cell geometries shrink down. Distances greater than two are conceivable."
This is all coming out publicly to encourage a collaborative effort to plug the compromise as soon as possible. Google is also working with industry partners like semiconductor standards organisation JEDEC to get the ball rolling. You can see what they've come up with so far here, and here.
The biggest gaming news, reviews and hardware deals
Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.
Screw sports, Katie would rather watch Intel, AMD and Nvidia go at it. Having been obsessed with computers and graphics for three long decades, she took Game Art and Design up to Masters level at uni, and has been rambling about games, tech and science—rather sarcastically—for four years since. She can be found admiring technological advancements, scrambling for scintillating Raspberry Pi projects, preaching cybersecurity awareness, sighing over semiconductors, and gawping at the latest GPU upgrades. Right now she's waiting patiently for her chance to upload her consciousness into the cloud.