Header Ads

Android Drammer Attack

Android Drammer Attack

Researchers in the ETHICAL HACKERS CLUB Lab at Mumbai have discovered a vulnerability that points to device's random access memory (DRAM) utilizing an attack called Rowhammer.

While we are previously informed of the Rowhammer attack, this is the really first time when researchers have successfully used this attack to target mobile devices.

What is DRAM Rowhammer Attack?

The Rowhammer attack upon mobile devices is uniformly critical since it potentially sets all critical ( sensitive) data on millions of Android devices at risk, at least until a security patch is ready.

The Rowhammer attack includes executing a malicious application that frequently accesses the same "row" of transistors on a memory chip in a fraction of a second with a process called "Hammering."
As a result of hammering, a memory region can disturb neighboring row, causing the row to leak electricity into the next row which ultimately produces a bit to flip. And since bits encode data, this small change modifies that data, creating a way to obtain control over the device.
In short, Rowhammer is a concern with new generation DRAM chips in which regularly obtaining a row of memory can cause "bit flipping" in an adjoining row that could allow anybody to modify the value of contents stored in the memory.

Is Your Android Device Vulnerable?

To examine the Rowhammer attack on mobile phones, the researchers created a new proof-of-concept exploit, dubbed DRAMMER, and found their exploit successfully modified critical bits of data in a way that effectively roots high-end Android devices from Samsung, OnePlus, LG, Motorola, and possibly other manufacturers.
The researchers successfully rooted Android Devices including Google's Nexus 4 and Nexus 5; LG's G4; Samsung Galaxy S4 and Galaxy S5, Motorola's Moto G models from 2013 and 2014; and OnePlus One.

How does the DRAMMER Attack Work? 

The researchers built an app — containing their rooting exploit — that needs no specific user permissions. The DRAMMER attack would then demand a victim to download the app bound with malware to accomplish the hack.

The researchers took help of an Android mechanism called the ION memory allocator to obtain direct access to the dynamic random access memory (DRAM).
Beyond giving every app direct access to the DRAM, the ION memory allocator also allows recognizing adjacent rows on the DRAM, which is an essential part for generating targeted bit flips.
Understanding this, the researchers then had to figure out how to use the bit flipping to obtain root access on the victim's device, giving them full control of the target phone and the capability to do anything from obtaining data to taking pictures.

"On a high level, our technique works by exhausting available memory chunks of different sizes to drive the physical memory allocator into a state in which it has to start serving memory from regions that we can reliably predict," the paper reads.
"We then force the allocator to place the target security-sensitive data, i.e., a page table, at a position in physical memory which is vulnerable to bit flips and which we can hammer from adjacent parts of memory under our control."

Once you download this malicious app, the DRAMMER exploit takes over your phone within seconds – and operates without your interaction. The attack recommences to run even if you associate with the apps or put your phone in "sleep" mode.

DRAMMER Has No Quick Fix for now. Stay Connected for further Updates on the same.

Powered by Blogger.