zervanko
Posts: 14
Joined: Sat Jun 23, 2018 6:36 pm

Is Raspberry Pi affected by "rowhammer" vulnerability?

Sun Jul 01, 2018 3:01 pm

Due to news about RAMPage (Android vulnerability), I found out about the thing, that called "rowhammer". So is Raspberry Pi vulnerable to rowhammer attack. Actually, I care about Raspberry Pi 3.

wildfire
Posts: 705
Joined: Sat Sep 03, 2016 10:39 am
Location: Dundee, Scotland

Re: Is Raspberry Pi affected by "rowhammer" vulnerability?

Sun Jul 01, 2018 3:46 pm

The Pi uses DDR2 RAM, so no rowhammer is not an issue.
E8 85 A2 40 C9 40 81 94 40 81 95 40 89 84 89 96 A3
Still NF Shirls

zervanko
Posts: 14
Joined: Sat Jun 23, 2018 6:36 pm

Re: Is Raspberry Pi affected by "rowhammer" vulnerability?

Sun Jul 01, 2018 3:59 pm

wildfire wrote:
Sun Jul 01, 2018 3:46 pm
The Pi uses DDR2 RAM, so no rowhammer is not an issue.
It uses LPDDR2, which is not the same as DDR2

User avatar
The Traveler
Posts: 403
Joined: Sat Oct 21, 2017 3:48 pm

Re: Is Raspberry Pi affected by "rowhammer" vulnerability?

Sun Jul 01, 2018 4:06 pm

It uses LPDDR2, which is not the same as DDR2
"Row hammer rarely or never affects DDR and DDR2 SDRAM modules." from Wikipedia article.
The biggest difference is LPDDR2 is "low power" consumption. So it's highly unlikely that row hammer affects it.

Cheers.
RPi interests: Coding an Infinite Improbability Drive. In C.
Old Assembler programmers don't die. They just disassemble.

zervanko
Posts: 14
Joined: Sat Jun 23, 2018 6:36 pm

Re: Is Raspberry Pi affected by "rowhammer" vulnerability?

Sun Jul 01, 2018 4:18 pm

The Traveler wrote:
Sun Jul 01, 2018 4:06 pm
It uses LPDDR2, which is not the same as DDR2
"Row hammer rarely or never affects DDR and DDR2 SDRAM modules." from Wikipedia article.
The biggest difference is LPDDR2 is "low power" consumption. So it's highly unlikely that row hammer affects it.

Cheers.
But here you can see, that RAMPage works on LPDDR2 https://www.bleepingcomputer.com/news/s ... erability/ and here https://www.androidcentral.com/rampage-exploit-android that DDR2 also affected. Wikipedia is lying or I do not understand something?

User avatar
The Traveler
Posts: 403
Joined: Sat Oct 21, 2017 3:48 pm

Re: Is Raspberry Pi affected by "rowhammer" vulnerability?

Sun Jul 01, 2018 4:34 pm

Wikipedia is lying or I do not understand something?
"The vulnerability could allow an adversary to create an exploit to gain administrative control over targeted Android smartphones and tablets. The flaw impacts Android devices dating back to 2012."

In this business, nothing is 100%, there's always a vulnerability somewhere. You'll note this in this new variation the attacks are focused on Android devices using the ION memory management code. That makes it fairly specific. It's the "likelihood" that is the concern. If you're worried that your device might get hacked, then take precautions to make is as hard as possible to access it. Use best practices to ensure that your device(s) are as secure as you can make them.

Otherwise, I wouldn't lose any sleep over it.

Cheers.
RPi interests: Coding an Infinite Improbability Drive. In C.
Old Assembler programmers don't die. They just disassemble.

Return to “Advanced users”