Researchers show DDR vulnerability RAMBleed based on Rowhammer
Researchers have discovered a vulnerability that allows data to be read from a computer's working memory (RAM). The vulnerability is called RAMBleed and is based on the Rowhammer vulnerability.
RAMBleed was discovered by researchers from the University of Graz in Austria, the University of Michigan, and the University of Adelaide. The researchers managed to use the attack to read an RSA-2048 OpenSSH key from a server.
The leak works similarly to Rowhammer, a 2015 RAM vulnerability that exploits the close physical spacing of bits in working memory to manipulate them. RAMBleed takes advantage of that vulnerability. The big difference is that with RAMBleed the data can only be read, not manipulated. The attack uses bit flipping: a cryptographic key is read by observing which bits change. The leak is also said to work on memory that uses error-correcting code (ECC), which is normally used to correct bit flips.
The researchers published a proof of concept on DDR3 memory, but say the vulnerability can also be exploited in DDR4 memory. Bit-flipping attacks on DDR4 have been carried out in the past.