The new vulnerability has a nice name – RAMpage. The vulnerability is a variation of the Rowhammer attack. Rowhammer is a hardware bug in modern memory cards. Using the bug, researchers noticed that when someone would send repeated read/write instruction to a same row of the memory cells, it would create an electric field and the field was able to alter data stored on the nearby memory.

Later, researchers found that the attack was able to affect devices like virtual machines, PCs and Android devices. Researchers also found that they could execute the attack using GPU cards, JavaScript codes and even network packets.

RAMpage – Rowhammer attack variation

The first Rowhammer attack was named “DRammer” that would affect Android devices. This method was able to root the Android device. The current and latest version (RAMpage) is nothing more than the expansion of the previous one.

According to a research paper published recently, a team of 8 academics from 3 different universities and 2 private companies discovered this new attack.

According to the researchers, RAMpage can break the most fundamental isolation between user apps and the OS. A nicely crafted malicious program can use the RAMpage exploit for gaining admin control of the system and get hold of secrets from the device memory.

Now, once a malware gets admin privilege, it can steal any info like passwords, your personal photos etc. and even critical documents.

RAMpage infecting other devices (Apple, VMs and PCs)

The development of the attack is still in early stage. However, according to the researchers, the attack holds potential to work on home PCs, Apple devices and even on cloud servers. For Android devices, here’s an app from the security researchers to check if your device is vulnerable to DRammer and RAMpage.

RAMpage targeting Android’s ION subsystem

The difference between the DRammer and RAMpage is, the newer one specifically targets ION – an Android memory subsystem. ION is the responsible part of Android that manages memory allocation between apps and the OS. ION was introduced back in 2011 with Android 4.0 (Ice Cream Sandwich).

Thankfully, researchers also made a new tool that puts an additional guard in front of the ION subsystem. The guard is supposed to protect against RAMpage attack routine. You can get the app from GitHub.

The bad news

Be prepared for the bad news, folks! Researchers successfully pulled the attack on an LG4 smartphone, but the attack is able to infect other mobile devices with LPDDR2 to LPDDR4 memory. In short, that’s nearly all the Android smartphones produced since 2012!

Here’s a website that clarifies all the information about this dangerous vulnerability. The researchers encouraging people to use their apps and send the scanning result to them for getting more information and ultimately, understand the depth and making decision on next step.

Still not satisfied? Check out this new form of DDoS attack that uses UPnP for masking its identity and rendering all the DDoS mitigation method useless.

The post RAMpage – Rowhammer Variant Affecting Android Devices appeared first on Linux Windows and android Tutorials.

This issue isn’t something new. The first time it was detected by the team at Qihoo 360 Netlab in February 2018. A worm was spreading through Android devices and infecting the hosts with a cryptocurrency miner named ADB.Miner. The worm was using a vulnerability in the ADB (Android Debug Bridge) – a feature of Android for troubleshooting faulty devices and perform many actions.

By default, the feature of ADB is disabled and users have to manually turn it on for using via USB connection. ADB also supports a feature named “ADB over Wi-Fi” that allows remote debugging instead of the traditional USB cable, a flexible option for devs.

ADB interface left open

This current issue is because of the open “ADB over Wi-Fi” feature in various shipped Android devices. Customers using those devices may be completely unaware of the open remote connection. The connection is open via TCP port 5555.

ADB is a troubleshooting utility that allows collecting other sensitive information from the device as well. The access also opens access to a UNIX shell.

That’s how the infamous ADB.Miner spread throughout numerous devices back in February. It loaded the Monero miner using the Unix shell and continued spreading from the infected devices over TCP port 5555.

Devices exposing ADB port

Last week, security researcher Kevin Beaumont has brought it into focus once again. In a Medium blog post, he mentioned that there are still numerous Android devices that are left exposed online.

According to Beaumont, the open port is highly problematic as it allows anyone on the same network remotely access these devices as root user – the most powerful privilege of any UNIX-based system.

ADB.Miner still active

Because the port is left open, ADB.Miner is still going strong. According to security researchers, it’s confirmed that the worm is still active and kicking.

In addition to the worm, there’s also a Metasploit module that can exploit and root Android devices via port 5555. The best option, for now, is to check out your device manually and make sure that the ADB port is turned off.

The easiest way to do so is to disable “USB Debugging” from “Developers option” in Android “Settings”.

The post Android Devices with Exposed ADB Port appeared first on Linux Windows and android Tutorials.

The bug

This bug is really funny. This bug exposes the SMS text open to the browser when searched using various terms.

For example, the initial report was when a user tried to access the URL “the1975..com”. Then, Google Pixel Launcher app returned the data of his SMS texts instead of the search result. The bug went public on Reddit. Eventually, there were also other Android-centered blogs who were able to reproduce the bug successfully.

The bug also worked on other Google apps. Here are some of the terms to try out for yourself –

the1976..com
thw1975..com
the1974..com
the1975..com
Izela viagens
Vizel viagens
Zela viagens

Google apps fixed

Such glitch wasn’t supposed to be present. Generally, Google apps have the ability to return user’s SMS text, but that requires permission from the user himself.

As it appears, it’s more a “glitch” rather than a security flaw. It’s not exploitable remotely, so you’re completely safe against any possible threat due to this issue. Even if someone has physical access to your smart device, he/she is more likely to log into your Message app instead of typing some garbage & meaningless text into your phone’s browser.

As of now, Google has already fixed the issue and released updates for Google Assistant, Pixel Launcher, Google Search and other related apps. Those should appear on your Play Store’s update section.

The post Weird Android Bug – Really WEIRD! appeared first on Linux Windows and android Tutorials.

Security researchers from Pangu Lab, a well-known company for providing jailbreaks have confirmed the vulnerability and named it “ZipperDown”. This flaw, according to their description, is a common programming error that leads to severe consequences like data overwriting, even code execution in the affected apps’ context.

Vulnerable apps

Pangu Lab created a scan rule for searching ZipperDown flaw in iOS apps. According to the result, 15,978 out of 168,951 scanned apps appear to have ZipperDown infection. However, they also added that the apps are to be manually inspected for confirmation.

Unfortunately, in the list of vulnerable apps, there are some really popular apps like NetEase Music, QQ Music, MOMO, Kwai etc. who have over 100 million users. Here’s a video where the researchers showed a demo infecting Weibo.

Devs must contact the researchers

Pangu Lab said that due to the potential infection in a large amount of apps, they’re not able to verify all the individual apps precisely. Moreover, the number of authors of infected apps is also large enough, making it really difficult for contacting each of them and informing the issue.

That’s why the company is asking the devs if their apps is on the list of potential infection list, they need to contact Pangu Lab for further details and test & fix their application(s).

Android infected(?)

According to Pangu Lab, Android also suffers from similar issues like ZipperDown. The researchers said that they’ll continue further investigation for pinning the flaw.

Fortunatley, ZipperDown isn’t like other vulnerabilities and not available for easy exploitation. In order to exploit, the hacker must be within the range of the same network position for hijacking/spoofing traffic. According to the researchers, the sandbox on both Android and iOS are really effective in mitigating any possible damage for ZipperDown’s consequences.

How to stay secured

If you want to protect yourself from the vulnerability, you have to make sure that you are using the latest version of all the installed apps. It’s highly likely that app devs will release update to their software in the future.

Recently, the source code of TreasureHunter malware went public. Learn more about the source code leak and the future attacks.

The post ZipperDown Infecting iOS Apps appeared first on Linux Windows and android Tutorials.