A team of researchers from Google has identified a new Rowhammer attack technique that works against recent generations of dynamic random-access memory (DRAM) chips.
Rowhammer attacks — first discussed in 2014 — involve repeatedly accessing a row of memory in an effort to cause bit flips in adjacent rows, which can be useful for bypassing memory protections. A malicious actor could use Rowhammer to escalate privileges and for other purposes, and researchers have demonstrated over the past years that attacks can be launched remotely and against mobile devices.
JEDEC, an organization that develops open standards and publications for the microelectronics industry, has warned that Rowhammer attacks can pose a “serious threat to cloud service providers, data centers, laptops, smart phones, self-driving cars and IoT devices.”
The vulnerability exists because the memory cells in DRAM chips have been placed very close together to increase capacity and decrease size. This makes it more difficult to prevent cells from electrically interacting with each other.
Rowhammer defenses in many cases assume that the attacker can only cause bit flips in the immediate neighbors of the row they are targeting. However, the new attack method disclosed this week by Google, which researchers have dubbed “Half-Double,” shows that the effects of Rowhammer can extend beyond immediate neighbors, thus bypassing some of the existing defenses.
“Given three consecutive rows A, B, and C, we were able to attack C by directing a very large number of accesses to A, along with just a handful (~dozens) to B. Based on our experiments, accesses to B have a non-linear gating effect, in which they appear to ‘transport’ the Rowhammer effect of A onto C,” the Google researchers explained.
The researchers said the Half-Double attack works against newer generation DRAM chips, but it does not work against older ones, which suggests that the shrinkage of memory cell geometries makes Rowhammer attacks “stronger and longer-ranged.” They also noted that it may be possible to launch attacks that work over distances greater than two rows.
Google has been working with JEDEC and others to come up with mitigations for Rowhammer attacks. JEDEC in March released information on system level and near-term DRAM level mitigations.
“We are disclosing this work because we believe that it significantly advances the understanding of the Rowhammer phenomenon, and that it will help both researchers and industry partners to work together, to develop lasting solutions. The challenge is substantial and the ramifications are industry-wide,” Google researchers said.
Related: Researchers Propose Software Mitigations for Rowhammer Attacks
Related: New Rowhammer Attack Bypasses Existing Defenses

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks
- Recently Patched TeamCity Vulnerability Exploited to Hack Servers
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- NIST Publishes Final Version of 800-82r3 OT Security Guide
- Johnson Controls Hit by Ransomware
- Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users
- Government Shutdown Could Bench 80% of CISA Staff
- Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor
Latest News
- Johnson Controls Ransomware Attack Could Impact DHS
- Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks
- CISA Kicks Off Cybersecurity Awareness Month With New Program
- Recently Patched TeamCity Vulnerability Exploited to Hack Servers
- Silverfort Open Sources Lateral Movement Detection Tool
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
