Thread: Neo900 - finally a successor of N900
View Single Post
joerg_rw's Avatar
joerg_rw is offline joerg_rw
2016-10-24 , 21:33
Posts: 2,222 | Thanked: 12,651 times | Joined on Mar 2010 @ SOL 3
#2830
Originally Posted by mithrandir View Post
According to https://en.m.wikipedia.org/wiki/Row_hammer there have been Javascript implementations of Rowhammer. Thus the Drammer attack could also be possible in Javascript and not only by installing an application.
Bummer! Hardly anything you can do about it except hardening JS interpreter so it doesn't execute such code in a way that triggers the bug.

Originally Posted by mithrandir View Post
If we could ensure (somehow) that the neo900 is invulnerable to this kind of attack this could be a strong argument for potential buyers.
Originally Posted by sulu View Post
There's a thread about rowhammer in the Pyra forums too [1], and I guess what Nikolaus said there would also apply to the Neo900.

[1] https://pyra-handheld.com/boards/thr...whammer.78436/
Originally Posted by HNS/Pyra
On the other hand we can't do anything actively about that (we can't change the memory controller or DRAM chips).
Originally Posted by joerg_rw View Post
There's nothing we could do on a hw design level to mitigate that. It's about the way RAM and the memory controller work
Let's see what (software) solutions they come up with for Android phones. tuning refresh time and spoiling rapid RAM access from "exposed services" like JS is probably the only way to go

/j
 

The Following 9 Users Say Thank You to joerg_rw For This Useful Post: