New Research Demonstrates Remote Rowhammer Attacks via Federated Learning Clients

A recently discovered security vulnerability in Federated Learning (FL) systems allows remote Rowhammer attacks on central servers, removing the necessity for backdoor access. This was detailed in the arXiv preprint 2505.06335v2. It shows that attackers can manipulate certain FL clients to create fast, repetitive memory updates on the server. By using reinforcement learning (RL), an attacker can figure out how to execute these attacks by monitoring harmful behaviors in FL clients. This approach challenges the assumption that a large number of clients can effectively shield against server attacks. Most current FL security efforts focus on protecting data privacy at client sites or during communication, often overlooking server security. Federated Learning enables global collaboration among multiple agents, which is crucial for training advanced AI like Large Language Models (LLMs) with diverse datasets. The success of FL relies on limited gradient updates and remote memory access at the central server. This discovery marks the first time remote Rowhammer attacks can occur without direct server access, highlighting a serious security gap in distributed AI training systems.