All Android Devices Released Since 2012 Could Potentially Be RAMpaged
All devices and personal computers may be open to RAMpage, a set of DMA-based Rowhammer attacks. The attack breaks the crucial isolation between user applications and the operating system, exposing data that should remain invisible to apps. "While apps are typically not permitted to read data from other apps, a malicious program can craft a RAMpage exploit to get administrative control and get hold of secrets stored in the device," the explanatory website reads.
“This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.”
The attacks have only been tested on Android devices, but the international team of security researchers claims that they could likely work on "Apple products or even regular personal computers and the cloud."
RAMpage attack targets Android memory subsystem called ION
The researchers wrote that all the Android devices - or any device - that have shipped with LPDDR2, LPDDR3, or LPDDR4 memory is potentially affected. This means that nearly every phone since 2012 comes under the radar.
The research team has tested the attack, tracked as CVE-2018-9442, on an LG G4. It remains unclear if desktop operating systems are also affected. The bug is a variation of the Rowhammer attack, which is a hardware flaw in memory cards. Since hardware flaws are difficult to get patched up, researchers have looked into software mitigations.
The attack sends repetitive read/write requests to the memory modules of a device, that eventually creates an electrical field within the RAM that could alter data stored on nearby memory cells. Initially, Rowhammer attacks on Android involved rooting the phone, the current variation breaks the isolation between the OS and the apps.
With RAMpage, the attack is specifically targeted at the Android memory subsystem called ION that manages memory allocations between apps and the OS. Bringing Rowhammer attack technique of repeated requests and focusing on ION, RAMpage can break the isolation between the OS and the apps that is fundamental to security.
"It is currently unclear how widespread the Rowhammer bug (the hardware error that RAMpage exploits) is," researchers write on the website that explains the attack and mitigations. "By getting more people to run our updated drammer test app, we hope to get a better understanding of this issue, allowing us to make decisions on how to move forward (i.e., should we continue looking for defenses or is this an already-solved problem?)."