The Present Threat of Row Hammer Attacks
In 2014 Google researchers discovered strange interference between memory locations in DDR3, DDR4, and DDR5 Random Access Memory (RAM.) On closer inspection the team discovered that repeated access to memory addresses at high volume could create residual magnetic disturbances strong enough to alter data in physically adjacent memory. This project caused a landslide of research on attack vectors that spanned from privilege escalation and sandbox escapes to remote code execution over a network. Despite numerous attempts to fix the problem, row hammer remains a modern difficult to protect against threat.
TLDR intro
The security industry exists for one reason: risk reduction. All organizations have risk and successful businesses learn to manage that risk before it causes problems for their reputation, finances, personnel, or business continuity. Cyber security approaches this problem by itemizing known risks and applying mitigations to prevent business impact. This process works fine when patches exist and fixes are known. When known fixes for problems are costly or extreme, organizations must choose between exiting the business or accepting the risk. In the case of row hammer, the risk is incredibly high and although the attack takes drastic amounts of funding and research to reproduce, known threat actors have both capabilities. To date there are no publicly known breaches using this method, but it is to be expected one will come soon.
