Rowhammer is an attack technique that makes use of fundamental defects in DRAM design. It is an efficient technique in targeting DRAM. With the advancement in the technology, it is possible to pack more amount of DRAM in a given area by reducing the gaps between the DRAM cells. The shrunken DRAM nodes make it further susceptible to an attack by techniques like Rowhammer.
Through the specific DRAM rows, the Rowhammer reads data repeatedly. This causes fluctuations in other DRAM rows and columns, leading to bit flip. These voltage fluctuations eventually lead to disturbance in the memory protection model.
Initially, it was assumed that these attacks need executing native code, which is now demonstrated that the codes need not be native. These codes can be executed in JavaScript. It is serious as it can be employed to dismantle various protections, keeping data secure. It directly launches attack in hardware that is below the detection ability of standard antivirus or typical security software.
With the discovery of Rowhammer, Samsung stated that the DDR4 is insensitive to the attack method because of its use of Targeted Row Refresh. With quick refreshing of the DRAM, Rowhammer's ability is reduced to an extent.
With the reduced bit flips, the time available for operation is less. However, with the high rates of DRAM refresh, there is a huge impact on DRAM power consumption as well as performance.
Micron pursed Samsung statement and implemented TRR mode in its credentials of hardware. Third I/O's contrast demonstrated that in Micron's case, this insurance is inadequately enforced.
Error Correcting Code memory is a best imperfect solution. There is no consolidated single requirement for ECC memory. The promoted efficiency is allowed to discover and fix single-bit mistakes.
This issue simply remains unresolved yet and the DDR4 transition does not give that resolution.