Researchers at Sopho’s have observed a sort of reboot to a classic, mostly theoretical, attack named Rowhammer. This attack involves repeatedly attack a specific address in memory enough to affect the electrical charge causing interference that is able to manipulate values in neighboring memory cells, causing “bitflips”. Binary changes from 0 to 1 or 1 to 0 in the cells.
Each attack referenced above will need to be tailored to the specific CPU and RAM used in the machine. Which alone isn’t much of a deterrent. What researchers who authored the attacks discovered is that SMASH is neutralized when THP (Transparent Huge Pages/Paging) is turned off. To be clear this is specific to the referenced SMASH attack discussed in this brief, and a defense that is current and not future-proof. Binary Defense offers teams of researchers on the Threat Hunting and Counterintelligence teams proactively looking for exploits and theories such as Rowhammer to create actionable methods of detection and mitigation. These teams along with a strong internal IT infrastructure and a Security Operations Center monitoring significantly increase the chance of mitigation and cost-saving when an active or potential breach is observed.