Technology

GPuhammer: Researchers Prove Rowhammer Attacks Work on GPUs

Researchers have proven: Rowhammer attacks are now also working on graphics cards. Your “GPuhammer” method reduced the accuracy of AI models from 80 to 0.1 percent. But how do you protect yourself from it?

Rowhammer attack on GPU memory

Security researchers from the University of Toronto have uncovered a weak point in graphics card storage systems. Your method, Called “Gpuhammer”demonstrates that Rowhammer attacks, which originally arose for traditional RAM in 2014, can now also be transferred to modern GDDR6 graphics memory. In this type of attack, a dram memory line is repeatedly accessed -or “hammered” -, which can lead to bit flips in neighboring areas through electrical interference.

Proof-of-Concept

In a proof-of-Concept, the researchers showed how the accuracy of neuronal networks could be reduced from 80 to 0.1 percent-and this by a single bit flip. The researchers developed special techniques to use the unique properties of GPU storage systems. GDDR6 memory differs by higher clock rates and more complex timing parameters from traditional RAM. Attacks in cloud environments are particularly risky, where several users use a GPU together. A potential attacker could theoretically sabotage AI models or compromise sensitive data. However, manipulation requires precise control and specific attack conditions.

How does a Rowhammer attack work?

  • 1. Attack method An attacker makes the system very often read in a row. This creates electrical disorders that lead to bits “tipping over” in neighboring lines (from 0 to 1 or vice versa).
  • 2. Bit flips These targeted bit flips can be used to manipulate critical data such as access rights or cryptographic keys.
  • 3. Software -based for the attack, no special hardware or physical access is usually necessary – a specially written program or even a prepared JavaScript on a website is often sufficient.
  • 4. Privileges escalation attackers can obtain higher rights on a system through targeted bit flips, e.g. B. root or administrator rights.
  • 5. Data manipulation It is possible to change or read data in the memory that the attacker should not have access to.
  • 6. Rowhammer is particularly critical in cloud environments, where several users share the same physical memory. Here an attacker can even attack other VMS from a virtual machine.
  • 7. Difficult to patch because it is a hardware problem, Rowhammer cannot simply be remedied by a software update. Many systems therefore remain vulnerable as long as they use affected memory chips.

Protective measures

NVIDIA now recommends activating System-Level Error-Correcting Code (ECC) as a countermeasure. This technology can recognize and correct bit flips, but comes with considerable performance losses of up to 50 percent. But the whole thing still has a problem: Not all graphics cards support ECC – while professional models such as the A6000 or H100 have the function, they are completely lacking in consumer graphics cards.

Share
Published by
Joshua Bato

Recent Posts

Crash in the smartphone market: lowest sales figures in 13 years

The global smartphone market is experiencing a severe downturn, recording its worst quarter in 13…

12 hours ago

Pixel 11: Mega leak shows images and data from the new Google smartphones

Amazon made a big mistake and revealed the entire lineup of the Google Pixel 11…

12 hours ago

Top 10 Payment Card Tools for Everyday Digital Finance

A payment card is easiest to understand when users see how it fits into real…

18 hours ago

OnePlus is ‘dead’: Oppo wants to soon announce its withdrawal from the EU & USA

OnePlus will soon be history. At least in Europe and the USA. What has been…

18 hours ago

Switch 2 OLED: Nintendo is apparently planning a display upgrade after all

Nintendo is reportedly still internally planning an OLED version of the Switch 2 for the…

18 hours ago

Maps: Google launches major visual update with immersive navigation

Google appears to be starting to distribute the new immersive navigation for Google Maps. The…

18 hours ago