Are there any observed Rowhammer attacks in the wild

Question

Due to the latest news regarding Rowhammer and its applicability to ECC DRAM, I was wondering whether there are any Rowhammer attacks spotted in the wild. Given the various approaches to conduct a Rowhammer attack (on X86, ARM, via JavaScript or remote), I am curious to know whether, from a practical point of view, it is still more of a conceptual attack than being an attack vector that is actively exploited.

So far, my research did not come up with a single security incident that could be attributed to Rowhammer.

Remember that most attacks do not get publicity. In fact, many attacks aren't even _noticed_. — forest, Jan 02 '19 at 13:15
+1 to Forest. Here is a whitepaper/presentation given on the topic at Blackhat in 2015. They even have github demo code. https://www.blackhat.com/docs/us-15/materials/us-15-Seaborn-Exploiting-The-DRAM-Rowhammer-Bug-To-Gain-Kernel-Privileges.pdf — thepip3r, Jan 02 '19 at 20:46
Thanks thepip3r. I am aware of the PoC and all the work of other folks like Gruss et al. who are actively pushing things w.r.t Rowhammer issue. Given all the exploitable systems and different approaches to circumvent most mitigation techniques (including TRR, MAC, doubles refresh rate, etc.) this question arised, as I was expecting that somebody must have observed RH-attacks in the wild. — user1192748, Jan 03 '19 at 08:41
@user1192748 Would a totally anecdotal "yes, because I've used it in the wild" answer count, or does it need to involve a large-scale and highly publicized breach? — forest, Feb 21 '19 at 06:59

Overmind · Answer 1 · 2019-01-21T13:15:48.650

0

It is not observed by us (or better said not widely reported) because it generally was considered impractical. But in several occasions, even recently, it has been demonstrated to be doable (at blackhat too).

So Row-hammer attacks are still a realistic threat even to modern systems, which is most disturbing. Since defenses get better, attackers will likely target more hardware bugs, even if the hardware must me more specific.

I think we will see something public if the attacked target will be large/important enough.

RH resources here

Also see DRAMMER

edited Jan 21 '19 at 13:15

answered Jan 21 '19 at 12:21

Overmind

8,779
3
19
28

I always find it problematic to state that something is "not observed". Maybe there is a paper in Spanish, Japanese or Suaheli that you (and a lot of other people) did not read. I would suggest "not widely reported". – Tom K. Jan 21 '19 at 12:54
I agree. I meant not observed by us users. – Overmind Jan 21 '19 at 13:14
1

"Since defenses get better" Reference please :) – Conor Mancone Jun 09 '21 at 17:35

Are there any observed Rowhammer attacks in the wild

1 Answers1