Rowhammer memory attack can root Android phones in seconds

hammer-anvil

Smartphones from LG, Samsung and Motorola are all vulnerable to an attack that makes it possible to gain root access in a matter of seconds. Known as Rowhammer, the attack works using a bit flipping technique that exploits a vulnerability in the design of RAM chips.

Because the attack takes advantage of a physical aspect of design, it is going to be difficult to quickly devise a fix. In the meantime, millions of smartphones are at risk of compromise in what could be as large an issue as the recently-discovered Dirty COW bug -- and there's an app you can use to check if you are at risk.

Advertisement

Google is expected to release a security update for Android in November that will make the bug harder to exploit, but it will not eliminate the problem completely. The exploit works when an attacker successfully manipulates bit values using a 'hammering' technique -- rapidly accessing the same locations of memory time and time again. This can cause an electric charge leak resulting in adjacent memory cells being altered.

In an email to Ars Technica, one of the researchers who discovered the vulnerability, Victor van der Veen, said:

Until recently, we never even thought about hardware bugs [and] software was never written to deal with them. Now, we are using them to break your phone or tablet in a fully reliable way and without relying on any software vulnerability or esoteric feature. And there is no quick software update to patch the problem and go back to business as usual.

A paper published by van der Veen and others entitled Drammer: Deterministic Rowhammer Attacks on Mobile Platform explains how the Rowhammer attack can be used on ARM and x86 architectures -- with ARM being even easier. The researchers were able to create an app that exploited the Rowhammer technique to run with root accessed without the need for special permissions.

If you want to check to see your phone is vulnerable, details of the testing app can be found on Github.

Photo credit: Ermolaev Alexander / Shutterstock

8 Responses to Rowhammer memory attack can root Android phones in seconds

  1. BoltmanLives says:

    Another massive "millions of smartphones are at risk"Android hack of the week...yay

    "To conclude, our research shows that practical large-scale
    Rowhammer attacks are a serious threat and while the response
    to the Rowhammer bug has been relatively slow from
    vendors"

    Solution: W10M

    • Richard Saunders says:

      Windows 10 is every bit as vulnerable to this, which was originally discovered by Google's project zero by the way. Basically the only effective way to mitigate against this is by replacing the DRAM chips.

      • MyDisqussion says:

        Edge? There are nearly as many people using "other" browsers as Edge to access the over 5,000 US Government websites over the last 90 days.

        Windows 7 remains strong at 27.5%, while Windows X just creeps up to 16.1%.

  2. BoltmanLives says:

    Maybe just start a weekly "Massive Android hack of the week" series as this is so commonplace now.

  3. MyDisqussion says:

    The article that I read said that the same technique might be applicable to iOS and Windows Phone.

  4. Slavic says:

    First and foremost, it's a DRAM design problem rather than a bug in particular OS. The regeneration cycles must be independent and mandatory, no matter how often the particular memory cells are accessed, this will make such "hammering" completely impossible. Forthcoming security patch is only a partial solution, need to wait for the changes in RAM and controllers from manufacturers. And then for the development of new devices without this flaw. A half of year, at least.

    As for Android, even the trusted apps developers occasionally use the third-party libraries, which can contain such exploits. It would be better to limit the usage of non-Google apps for a while.

  5. MyDisqussion says:

    It's not clear from the articles that I was able to find, why one third of the models they tested were resistant to rowhammer. Apparently, having a hardware flaw isn't a golden key against the device.

© 1998-2020 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.