Rubber Mallet: A Study of High Frequency Localized Bit Flips and Their Impact on Security

TL;DR

This paper analyzes high-frequency, localized bit flips caused by advanced Rowhammer attacks, revealing their patterns, clustering behavior, and potential for impactful security exploits like cryptographic key recovery and model manipulation.

Contribution

It uncovers new patterns of bit flips, models their likelihood, and demonstrates novel attack methods on cryptography and language models exploiting these flips.

Findings

Adjacent bit flips occur more frequently than previously known.

Correlated flips enable cryptographic key recovery attacks.

Rowhammer can manipulate language model safety tokens.

Abstract

The increasing density of modern DRAM has heightened its vulnerability to Rowhammer attacks, which induce bit flips by repeatedly accessing specific memory rows. This paper presents an analysis of bit flip patterns generated by advanced Rowhammer techniques that bypass existing hardware defenses. First, we investigate the phenomenon of adjacent bit flips where two or more physically neighboring bits are corrupted simultaneously and demonstrate they occur with significantly higher frequency than previously documented. We also show that if multiple bits flip within a byte, we can probabilistically model the likelihood of flipped bits appearing adjacently. We also demonstrate that bit flips within a row will naturally cluster together likely due to the underlying physics of the attack. We then investigate two fault injection attacks enabled by multiple adjacent or nearby bit flips. First, we show how these correlated flips enable efficient cryptographic signature correction attacks, demonstrating how such flips could enable ECDSA private key recovery from OpenSSL implementations where single-bit approaches would be unfeasible. Second, we introduce a targeted attack against large language models by exploiting Rowhammer-induced corruptions in tokenizer dictionaries of GGUF model files. This attack effectively rewrites safety instructions in system prompts by swapping safety-critical tokens with benign alternatives, circumventing model guardrails while maintaining normal functionality in other contexts. Our experimental results across multiple DRAM configurations reveal that current memory protection schemes are inadequate against these sophisticated attack vectors, which can achieve their objectives with precise, minimal modifications rather than random corruption.