FLIPPYRAM: A Large-Scale Study of Rowhammer Prevalence
Martin Heckel
Network and Distributed System Security (NDSS) Symposium 2026 · Day 1 · Microarchitectural Security
How many real-world systems are actually vulnerable to **Rowhammer** attacks? This large-scale empirical study, which distributed bootable USB sticks at **38C3** and collected data from 106 systems, provides the first broad answer: at least **12.5% of tested systems** are vulnerable to fully automated Rowhammer attacks, with bit flips occurring in practical timeframes. The study reveals that **27.2% of DDR3 DIMMs** and **8.8% of DDR4 DIMMs** tested showed bit flips, while DDR5 showed no flips -- though the researchers attribute this to lack of appropriate tooling rather than inherent safety.
AI review
A large-scale empirical study confirming that 12.5% of real-world systems are vulnerable to fully automated Rowhammer attacks, with 27.2% of DDR3 DIMMs and 8.8% of DDR4 DIMMs showing bit flips. The study is more measurement science than offensive research, but the data is valuable and the tooling framework is immediately useful for hardware security assessment.