16-07-2025
Nvidia chips hacked, fall victim to Rowhammer bit-flip attacks; here's how to secure the AI GPUs
Nvidia issues security warning
A team of Canadian researchers has proved and demonstrated that Nvidia A6000 GPUs are vulnerable to Rowhammer bit-flip attacks, which can easily allow attackers to sabotage artificial intelligence models running on the widely used hardware of the tech giant. The attack, called GPU Hammer, was created by University of Toronto researchers Chris Lin, Joyce Qu, and Gururaj Saileshwar, and it may pose significant risks to AI usage. It is the first attack to show Rowhammer bit flips on GPU memories, specifically on a GDDR6 memory in an NVIDIA A6000 GPU.

According to the researchers, the attacks induce bit flips across all tested DRAM banks, despite in-DRAM defenses like TRR, using user-level CUDA code. These bit flips allow a malicious GPU user to tamper with another user's data on the GPU in shared, time-sliced environments. In a proof-of-concept, we use these bit flips to tamper with a victim's DNN models and degrade model accuracy from 80% to 0.1%, using a single bit

lets attackers alter or corrupt memory data by rapidly and repeatedly accessing a specific row of memory cells. This repeated hammering of selected rows causes bit flips in adjacent rows, turning digital zeros into ones or vice versa. So far, Rowhammer attacks have only been shown on memory chips used in CPUs for general-purpose

to the new research, Nvidia released a security notice saying that the fix is simple. The users just need to enable System-Level ECC, or error-correcting code. This simple setting creates a redundancy in the bits, so if one gets flipped, the system can automatically correct it before anything goes wrong.

'For enterprise customer environments that require enhanced levels of assurance and integrity, NVIDIA recommends using professional and data center products (instead of consumer-grade graphics hardware) and ensuring that ECC is enabled to prevent Rowhammer-style attacks. This is enabled by default on the Hopper and Blackwell Data Center class of GPUs,' Nvidia said in a

evaluating the risk, it's important to consider whether the GPU setup is single-tenant or multi-tenant. A Rowhammer attack between tenants can only be carried out if they access the GPU simultaneously.
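An added example, not taken from the article or from Nvidia's notice: a shell check that classifies each GPU's ECC state from `nvidia-smi` query output, so that hosts where ECC is supported but still switched off can be found. The sample rows are constructed, and the function names and status labels are this example's own.

```shell
#!/bin/sh
# Audit per-GPU ECC state. Input rows are the output of:
#   nvidia-smi --query-gpu=index,name,ecc.mode.current,ecc.mode.pending \
#              --format=csv,noheader

# Constructed sample output (not captured from a real host).
SAMPLE_OUTPUT='0, NVIDIA RTX A6000, Disabled, Disabled
1, NVIDIA RTX A6000, Disabled, Enabled
2, NVIDIA H100 PCIe, Enabled, Enabled
3, NVIDIA GeForce RTX 3080, [N/A], [N/A]'

# classify_ecc: read CSV rows on stdin, print "<index> <STATUS>" per GPU.
#   OK              ECC is active now
#   REBOOT_PENDING  ECC has been switched on but is not yet in effect
#   EXPOSED         ECC is supported but off, with no change pending
#   UNSUPPORTED     the GPU reports no ECC mode (for example [N/A])
classify_ecc() {
  awk -F', *' '
    NF >= 4 {
      cur = $3; pend = $4; status = "EXPOSED"
      if (cur == "Enabled")                            status = "OK"
      else if (cur == "Disabled" && pend == "Enabled") status = "REBOOT_PENDING"
      else if (cur != "Disabled")                      status = "UNSUPPORTED"
      print $1, status
    }'
}

# exposed_gpus: indices of GPUs where ECC could be enabled but is not.
exposed_gpus() {
  classify_ecc | awk '$2 == "EXPOSED" { print $1 }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_OUTPUT" | classify_ecc

# On a real host, pipe the live query into the same functions:
#   nvidia-smi --query-gpu=index,name,ecc.mode.current,ecc.mode.pending \
#              --format=csv,noheader | exposed_gpus
# For each index reported, enable ECC as root and then reboot:
#   nvidia-smi -i <index> -e 1
```

A GPU in the `REBOOT_PENDING` state is still running without ECC until the pending mode takes effect, so treat it as unprotected in multi-tenant scheduling until then.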