Researchers from Amsterdam's Vrije Universiteit have shown that a Rowhammer attack can be used to remotely hack an Android phone.
What is a Rowhammer attack?
"The Rowhammer attack target is the DRAM memory design. On a system with insufficient DRAM refreshes, the target operation on a single line of DRAM memory may affect the memory value of adjacent rows," the CERT Department of the Software Engineering Institute at Carnegie Mellon University (SEI) explains concisely.
The result of this attack is that the value of one or more bits in physical memory (in this case, GPU memory) is flipped and may provide new access to the target system.
A successful Rowhammer attack was previously demonstrated for a Linux virtual machine on a local machine, a remote machine, and a cloud server.
GLitch attack
The researchers called their attack "GLitch" because it leverages WebGL, a JavaScript API for rendering interactive graphics in a web browser, to determine the physical memory layout of DRAM before starting a targeted Rowhammer attack.
Vulnerable smartphones can be attacked by tricking users into visiting websites that host malicious JavaScript. A successful exploit can cause malicious code to run on the device, but only within the browser's purview, which means that a complete compromise of the device is not possible, but password theft is.
"The impact of combining side channel attacks with Rowhammer attacks has proven to bypass the Firefox sandbox on the Android platform," the research department said.
"It is important to realize that the glitch attack was successfully displayed only on the Nexus 5 handsets released in 2013. The Nexus 5 phone received its latest software security update in October 2015, so this is an insecure device. Several other handsets released in 2013 have been tested, but have not been successfully attacked by glitch attacks."
The researchers told Wired that the attack could be modified to target different phone architectures and different browsers.
To mitigate the risk of this particular attack, Google and Mozilla have released updates for Chrome and Firefox that disable the high-precision WebGL timers used to leak memory addresses.
New Rowhammer attack to remotely hack Android devices