Remember the Rowhammer vulnerability that made headlines?

2019 saw all sorts of unusual threats, so if you're struggling to recall the details of that one in particular, here's a quick review:

Any time a modern RAM card handles data, it is saved in memory cells that are arranged in a grid pattern on the card's plastic base.

It's a neat, orderly, symmetrical design that is incredibly efficient, allowing smart engineers to cram a tremendous number of memory cells onto a surprisingly small surface area. The problem is that the orderly arrangement also makes it possible that there can be electrical interference between adjacent memory cells. This, in a nutshell, is what the Rowhammer attack does.

Possible solutions?

It's important to note that to date, no Rowhammer attacks have been seen in the wild. However, engineers quickly realized that inevitably, some hacker group or another would work out a means of exploiting this to cause real harm to vulnerable systems. To that end, they began casting about for solutions. Unfortunately, a viable solution to the problem seems to be more difficult than first meets the eye. A recent survey of the RAM widely used in today's PCs and smartphones reveals that virtually all of them are still vulnerable to this type of attack.

Understand that the industry hasn't been standing still on this issue. To date, there have been no less than a dozen potential solutions put forth by equipment manufacturers. Each time, researchers on the academic side have managed to break the proposed solution, putting everyone back to square one.

At this point, a solution is as elusive as ever, with an industry insider admitting that "Unfortunately, due to the nature of these vulnerabilities, it will take a long time before effective mitigations will be in place."

Our perspective

Right now there's no solution and there's no defense against a Rowhammer attack. Thankfully, we still haven't seen one in the wild, but that day is no doubt coming.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there! " ~

 

Meanwhile, check out this report

This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.

Contact me if you would like me to speak at your association