CybersecuritySerious Security Vulnerabilities in DRAM Memory Devices

Published 17 November 2021

Researchers have discovered major vulnerabilities in DRAM memory devices, which are widely used in computers, tablets and smartphones. The vulnerabilities have now been published together with the National Cyber Security Centre, which for the first time has assigned an identification number for it.

When browsing the internet on a laptop computer or writing messages on a smartphone, we all like to think that we are reasonably safe from hacker attacks as long as we have installed the latest software updates and anti-virus software. But what if the problem lies not with the software, but with the hardware? A team of researchers led by Kaveh Razavi at ETH Zurich, together with colleagues at the Vrije Universiteit Amsterdam and Qualcomm Technologies, have recently discovered fundamental vulnerabilities affecting the memory component called DRAM at the heart of all modern computer systems.

The results of their research have now been accepted for publication at a flagship IT security conference, and the Swiss National Cyber Security Centre (NCSC) has issued a Common Vulnerabilities and Exposures (CVE) number. This is the first time that a CVE identification has been issued by the NCSC in Switzerland (see box below). On a scale of 0 to 10, the severity of the vulnerability has been rated as 9.

The Weakness of DRAM
“An underlying, well-known problem with DRAMs is called Rowhammer and has been known for several years”, Razavi explains. Rowhammer is an attack that exploits a fundamental weakness of modern DRAM memories. DRAM is short for Dynamic Random Access Memory, where “dynamic” means that all the data stored in it is volatile and has to be refreshed quite often – in fact, more than ten times per second. This is because DRAM chips only use a single capacitor-transistor pair to store and access one bit of information.

The capacitors leak charge over time, and once they have leaked too much charge, the computer no longer knows whether the value of the stored bit was “1” (which might correspond to high charge) or “0” (low charge). On top of that, every time a memory row is activated in order to be read out or written onto (the bits are arranged in a checkerboard-like pattern of rows and columns), the currents that flow inside the chip can cause the capacitors in neighbouring rows to leak charge faster.