In the world of security, there seems to be nothing so secured any more. Every now and then, there are new vulnerabilities found in different system. The first major ones were the Meltdown and Spectre that shook the world of security. Recently, a new vulnerability in Android has been identified that affects all the Android devices since 2012!
The new vulnerability has a nice name – RAMpage. The vulnerability is a variation of the Rowhammer attack. Rowhammer is a hardware bug in modern memory cards. Using the bug, researchers noticed that when someone would send repeated read/write instruction to a same row of the memory cells, it would create an electric field and the field was able to alter data stored on the nearby memory.
Later, researchers found that the attack was able to affect devices like virtual machines, PCs and Android devices. Researchers also found that they could execute the attack using GPU cards, JavaScript codes and even network packets.
RAMpage – Rowhammer attack variation
The first Rowhammer attack was named “DRammer” that would affect Android devices. This method was able to root the Android device. The current and latest version (RAMpage) is nothing more than the expansion of the previous one.
According to a research paper published recently, a team of 8 academics from 3 different universities and 2 private companies discovered this new attack.
According to the researchers, RAMpage can break the most fundamental isolation between user apps and the OS. A nicely crafted malicious program can use the RAMpage exploit for gaining admin control of the system and get hold of secrets from the device memory.
Now, once a malware gets admin privilege, it can steal any info like passwords, your personal photos etc. and even critical documents.
RAMpage infecting other devices (Apple, VMs and PCs)
The development of the attack is still in early stage. However, according to the researchers, the attack holds potential to work on home PCs, Apple devices and even on cloud servers. For Android devices, here’s an app from the security researchers to check if your device is vulnerable to DRammer and RAMpage.
RAMpage targeting Android’s ION subsystem
The difference between the DRammer and RAMpage is, the newer one specifically targets ION – an Android memory subsystem. ION is the responsible part of Android that manages memory allocation between apps and the OS. ION was introduced back in 2011 with Android 4.0 (Ice Cream Sandwich).
Thankfully, researchers also made a new tool that puts an additional guard in front of the ION subsystem. The guard is supposed to protect against RAMpage attack routine. You can get the app from GitHub.
The bad news
Be prepared for the bad news, folks! Researchers successfully pulled the attack on an LG4 smartphone, but the attack is able to infect other mobile devices with LPDDR2 to LPDDR4 memory. In short, that’s nearly all the Android smartphones produced since 2012!
Here’s a website that clarifies all the information about this dangerous vulnerability. The researchers encouraging people to use their apps and send the scanning result to them for getting more information and ultimately, understand the depth and making decision on next step.
Still not satisfied? Check out this new form of DDoS attack that uses UPnP for masking its identity and rendering all the DDoS mitigation method useless.
