Saturday 30 June 2018

Android devices are vulnerable to RAMpage attack

We have consistently seen various vectors of attack rear their head when it comes to Android smartphones. We’ve seen Shattered Trust, Cloak and Dagger, and Rowhammer, just to name a few. RAMpage is the latest one on the block, and while it is a hardware vulnerability, it doesn’t necessarily need physical access to your device to exploit. How it works is relatively simple.

A group of university researchers have discovered that this vulnerability could theoretically work on any device with LPDDR memory, which includes virtually every smartphone released since 2012, including some Apple devices.

When a CPU reads or writes a row of bits in the RAM module present on the device, the neighbouring rows are slightly affected due to a tiny electric discharge. This isn’t usually a problem as we know RAM does this and that’s why it’s periodically refreshed to make sure nothing goes wrong. But what if we start “hammering” the same “row”? What if we continuously read or write to the same row in order to disrupt neighbouring rows? This can cause a bit-flip in a memory row that we shouldn’t own or have access to at all. That’s what Rowhammer is, and it’s being used as part of a larger vulnerability called RAMpage. The CVE is CVE-2018-9442 and it affects devices shipped with LPDDR2, LPDDR3, or LPDDR4 RAM.

RAMpage can be used to gain root access on a device, but the researchers managed to get it to do a whole lot more as well. It could be used to bypass JavaScript sandboxes and even perform an attack running on another virtual machine on the same computer on x86 devices. ARM-based devices are also vulnerable, and that’s where our Android phones come in. DRAMMER stands for “Deterministic Rowhammer Attacks on Mobile Devices”.

The attack allows a hacker access to the entire operating system. This includes accessing the data stored by other applications, which the Android security model is meant to prevent. An attacker can gain full control of a device allowing them to obtain stored passwords, personal photos, emails, instant messages and even business-critical documents.
get the latest hacking gist here
Posted by at
Labels: ,

1 comment:

  1. siqing chen8 October 2020 at 15:14

    i am a successful business owner and father. I got one of these already programmed blank ATM cards that allows me withdraw a maximum of $5,000 daily for 30 days. I am so happy about these cards because I received mine last week and have already used it to get $20,000. Skylink technology is giving out these cards to support people in any kind of financial problem. I must be sincere to you, when i first saw the advert, I believed it to be illegal and a hoax but when I contacted this team, they confirmed to me that although it is illegal, nobody gets caught while using these cards because they have been programmed to disable every communication once inserted into any Automated Teller Machine(ATM). If interested get through to them on mail: skylinktechnes@yahoo.com or whatsapp/telegram: +1(213)785-1553

    ReplyDelete

Subscribe to: Post Comments (Atom)