Hard on the heels of the first network-based Rowhammer attack, some of the boffins involved in discovering Meltdown/Spectre have shown off their own technique for flipping bits using network requests.
With a gigabit connection to the victim, the researchers reckon, they can induce security-critical bit flips using crafted quality-of-service packets.
Last week, we reported on research called “Throwhammer” that exploited Rowhammer via remote direct memory access (RDMA) channels.
In separate research, Meltdown/Spectre veterans Daniel Gruss, Moritz Lipp and Michael Schwarz of Graz University of Technology and their team have published a paper describing Nethammer (their co-authors are Lukas Lamster and Lukas Raab, also of Graz; Misiker Tadesse Aga of the University of Michigan; and Clémentine Maurice of IRISA at the University of Rennes).
Nethammer works, they said, without any attacker-controlled code on the target, attacking “systems that use uncached memory or flush instructions while handling network requests.