conference logo

Playlist "32C3: gated communities"

Rowhammer.js: Root privileges for web apps?

Clémentine Maurice and Daniel Gruss

"Insanity: doing the same thing over and over again and expecting different results."
Albert Einstein - Who did not live long enough to see Rowhammer

Recent studies have found that repeated accesses to DRAM rows can cause random bit flips, resulting in the so called Rowhammer vulnerability. We present Rowhammer.js, the first remote software-induced hardware-fault attack, from JavaScript. We also extend our presentation with an overview of cache side-channel attacks, that use the same technique to evict data from the cache.