SN 1017: Is YOUR System Vulnerable to RowHammer? - Telegram's Crypto, Twitter Outage, FBI Warning

Mar 19, 2025 | 3 hr 54 min | Ep. 1017

Episode description

  • An analysis of Telegram Messenger's crypto.
  • A beautiful statement of the goal of modern crypto design.
  • Who was behind Twitter's recent outage trouble?
  • An embedded Firefox root certificate expired. Who was surprised?
  • AI-generated Github repos, voice cloning, Patch Tuesday and an Apple 0-day.
  • The FBI warns of another novel attack vector that's seeing a lot of action.
  • Google weighs in on the Age Verification controversy.
  • In a vacuum, Kazakhstan comes up with their own solution.
  • Was Google also served an order from the UK? Can they say?
  • A serious PHP vulnerability you need to know you don't have.
  • A bunch of great listener feedback, some Sci-Fi content reviews and...
  • A new tool allows YOU to test YOUR PCs for their RowHammer susceptibility.

Show Notes - https://www.grc.com/sn/SN-1017-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Transcript

Is Your RAM at Risk? How to Test for the Decade-Old Rowhammer Vulnerability

Mar 21st 2025 by Benito Gonzalez

AI-created, human-edited.

In a recent episode of Security Now, hosts Steve Gibson and Leo Laporte discussed an opportunity for listeners to participate in groundbreaking security research surrounding the infamous Rowhammer vulnerability. This rare chance allows everyday users to contribute meaningful data to researchers studying this persistent hardware security issue that has plagued RAM modules for over a decade.

First discovered in 2014, Rowhammer is a hardware vulnerability affecting dynamic random-access memory (DRAM). As Gibson explained, the vulnerability emerged from the industry's push to increase RAM density. As manufacturers "squeezed every last bit of noise margin out of their designs," they created an unexpected security weakness.

The attack works by repeatedly accessing specific rows of memory cells (hence the name "row hammer"), which can cause bit flips in adjacent rows. These bit flips can potentially be weaponized to "completely collapse and bypass the security boundaries and guarantees upon which all modern computing relies for its operational security," according to Gibson.

Over the past decade, Rowhammer attacks have evolved significantly. Rowhammer originally affected DDR3 memory; researchers have since demonstrated successful attacks against DDR4 and even the newest DDR5 memory. What began as exploits requiring native code on Intel x86 systems now extends to:

  • Mobile ARM processors
  • AMD x86 desktop processors
  • JavaScript-based attacks
  • Even remote attacks via network packets

Despite industry efforts to mitigate the vulnerability with various defensive techniques (including ECC memory, doubled refresh rates, and targeted row refresh), researchers continue to find ways around these protections.
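As an added illustration of the ECC mitigation mentioned above (and of why the ECC-equipped server platform Gibson tested was expected to show no flips), here is a toy SECDED code of the kind server ECC DIMMs use. This is not code from the episode or the Flippy RAM project; the code word layout (Hamming parity at power-of-two positions plus one overall parity bit) is the textbook construction assumed here, and the sample byte is constructed. It shows the three outcomes that matter for a disturbance-induced bit flip: one flipped bit in a word is silently corrected, two are detected but cannot be repaired, and three can be mis-corrected into a wrong but valid-looking word, which is why ECC reduces the risk without eliminating it.

```python
"""Toy SECDED ECC (single-error-correct, double-error-detect).

Added illustration, not code from Security Now or the Flippy RAM project.
Layout: index 0 holds an overall parity bit, indices 1..n hold a Hamming
code word with parity at the power-of-two positions and data elsewhere.
"""


def _parity_bit_count(k):
    """Smallest r with 2**r >= k + r + 1 (one syndrome value per position)."""
    r = 0
    while (1 << r) < k + r + 1:
        r += 1
    return r


def secded_encode(data_bits):
    """Return the code word for a list of 0/1 data bits."""
    k = len(data_bits)
    r = _parity_bit_count(k)
    n = k + r
    word = [0] * (n + 1)
    src = iter(data_bits)
    # Data occupies every position that is not a power of two.
    for pos in range(1, n + 1):
        if pos & (pos - 1):
            word[pos] = next(src)
    # Parity bit p = XOR of all other positions whose index has bit p set.
    for i in range(r):
        p = 1 << i
        for pos in range(1, n + 1):
            if pos != p and pos & p:
                word[p] ^= word[pos]
    # Overall parity over the Hamming word distinguishes one flip from two.
    word[0] = sum(word[1:]) & 1
    return word


def secded_decode(word):
    """Return (status, data_bits); status is 'ok', 'corrected' or 'uncorrectable'."""
    n = len(word) - 1
    syndrome = 0
    for pos in range(1, n + 1):
        if word[pos]:
            syndrome ^= pos          # XOR of set positions = index of a lone flipped bit
    overall_bad = sum(word) & 1      # 1 when an odd number of bits (incl. word[0]) flipped
    fixed = list(word)
    if syndrome == 0 and not overall_bad:
        status = "ok"
    elif overall_bad:
        fixed[syndrome] ^= 1         # syndrome 0 here means the overall parity bit itself
        status = "corrected"
    else:
        status = "uncorrectable"     # non-zero syndrome with even parity: two flips
    data = [fixed[pos] for pos in range(1, n + 1) if pos & (pos - 1)]
    return status, data


def flip_bits(word, positions):
    """Model Rowhammer-style disturbance: a copy of the word with the given bits flipped."""
    out = list(word)
    for pos in positions:
        out[pos] ^= 1
    return out


def demo():
    """Encode one constructed byte and report what ECC does for 0, 1, 2 and 3 flips."""
    data = [1, 0, 1, 1, 0, 0, 1, 0]
    word = secded_encode(data)
    return {
        "intact": secded_decode(word),
        "one_flip": secded_decode(flip_bits(word, [5])),
        "two_flips": secded_decode(flip_bits(word, [5, 9])),
        # Three flips: odd parity makes the decoder "correct" a fourth bit instead.
        "three_flips": secded_decode(flip_bits(word, [5, 9, 10])),
    }


if __name__ == "__main__":
    for name, (status, bits) in demo().items():
        print(f"{name:12s} {status:14s} {''.join(map(str, bits))}")
```

Running the script shows `three_flips` reported as "corrected" with data that no longer matches the original byte; a real ECC controller would pass that word on as good, which is the reason ECC is listed as a mitigation rather than a cure.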

Despite extensive academic research, a critical question remains unanswered: what is the real-world prevalence of Rowhammer vulnerability? How many systems in their current configurations are actually vulnerable?

This is where the "Flippy RAM" project comes in. At the 38th Chaos Communication Congress in Germany (December 2024), a trio of academic researchers presented a framework designed to determine whether individual systems are vulnerable to Rowhammer attacks. More importantly, they've created an open-source testing tool that anyone can download and run to contribute data to this important research.

Gibson himself tested the tool and shared his experience with listeners. Here's how you can join the effort:

  • Visit https://flippyr.am to download the ISO image
  • Flash it to a USB thumb drive
  • Boot your system from the thumb drive
  • Specify how long you want the test to run (default is 8 hours)
  • Confirm your participation in the study
  • Wait for the test to complete
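For the "download the ISO" and "flash it to a USB thumb drive" steps, here is an added helper that checks the image against a published SHA-256 digest before writing it and refuses to write to anything but a whole, removable block device. It is not part of the Flippy RAM project: `EXPECTED_SHA256` is a placeholder to be replaced with the digest from the project's download page, and the removable-device check reads Linux sysfs, so a Linux host is assumed.

```python
"""Verify-then-flash helper for a bootable test ISO (added example, not
from the Flippy RAM project). The digest below is a PLACEHOLDER; use the
value published with the image. Reading /sys/block/<dev>/removable assumes
a Linux host."""

import hashlib
import os
import stat
import sys

EXPECTED_SHA256 = "PLACEHOLDER_DIGEST_FROM_DOWNLOAD_PAGE"


def sha256_of(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so multi-GB images need little RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_iso(path, expected):
    """True when the file's digest equals the expected one (case-insensitive)."""
    return sha256_of(path).lower() == expected.strip().lower()


def is_removable_disk(dev):
    """True only for a whole removable block device (e.g. /dev/sdb).

    Partitions have no /sys/block/<name> entry and fixed disks report 0,
    so both are rejected; anything that is not a block device is rejected too.
    """
    try:
        mode = os.stat(dev).st_mode
    except OSError:
        return False
    if not stat.S_ISBLK(mode):
        return False
    flag = f"/sys/block/{os.path.basename(dev)}/removable"
    try:
        with open(flag) as f:
            return f.read().strip() == "1"
    except OSError:
        return False


def flash_iso(iso, dev, expected=EXPECTED_SHA256, chunk_size=4 << 20):
    """Write the verified image to the device; raises before touching the disk on any failed check."""
    if not verify_iso(iso, expected):
        raise ValueError("checksum mismatch: refusing to flash " + iso)
    if not is_removable_disk(dev):
        raise ValueError(dev + " is not a removable whole-disk device")
    written = 0
    with open(iso, "rb") as src, open(dev, "wb") as dst:
        for chunk in iter(lambda: src.read(chunk_size), b""):
            dst.write(chunk)
            written += len(chunk)
        dst.flush()
        os.fsync(dst.fileno())   # ensure everything reached the stick before it is unplugged
    return written


if __name__ == "__main__":
    # Usage (as root): python3 flash_iso.py flippyram.iso /dev/sdX
    print(flash_iso(sys.argv[1], sys.argv[2]), "bytes written")
```

The checksum gate matters because the next step is booting the image on your own hardware with full control of the machine; the device gate is there because `dd`-style flashing to the wrong path silently overwrites a system disk.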

Once finished, you'll receive a summary of results on screen, with detailed data stored on your thumb drive. You can then choose to upload these results anonymously to contribute to the research.

Gibson noted that the test takes significant time due to the probabilistic nature of Rowhammer attacks. He ran the test on his Zima board and on a next-generation server platform (which, as expected, showed no vulnerabilities due to its ECC memory).

Despite all the academic research since 2014, there have never been reports of actual Rowhammer attacks in the wild. This situation is reminiscent of the Y2K concern, where massive preemptive efforts may have prevented real-world problems.

By contributing to this research, users can help determine just how prevalent and practical Rowhammer vulnerabilities are across different hardware configurations. This data could prove invaluable for future security measures and hardware designs.

As Gibson urged listeners, "It'd be fun to share some of our listeners' results and also submit your data to them. It's all anonymous, no information that you care about."

For those wanting a deeper understanding of Rowhammer and the research project, Gibson recommended checking out the full Chaos Communication Congress presentation, which is available with multilingual soundtracks.
