‘RAMBleed’ Rowhammer attack can now steal data, not just alter it
New research by academics from the US, Austria, and Australia outlines an entirely new type of Rowhammer attack that can enable threat actors to steal data from targeted machines, rather than merely tampering with it, as was the case with previous Rowhammer attacks.
Rowhammer is a name for a variety of attacks that exploit vulnerabilities in the way RAM memory cards are designed. The original Rowhammer attack that was discovered in 2014 works by repeatedly reading a row of storage cells on a RAM memory chip until a electrical charge is generated that can be used to alter data stored in other rows on the chip. Various attacks that make use of this technique have been discovered since, but the new variant, dubbed RAMBleed, is the first one that allows for data theft.