An international team of researchers has found almost all Android devices released since 2012 are vulnerable to a new weakness called RAMpage. The new vulnerability is a variation of the Rowhammer attack which is a hardware bug in modern memory cards. The bug was discovered a few years ago by researchers who found that when someone would send repeated write/read requests to the same row of memory cells, the write/read operations would create an electrical field that would screw with nearby memory data.
Related coverage: <a href="https://thegoldwater.com/news/14557-Malware-can-MELT-Your-Phone-Secretly-Mines-Cryptocurrency">Malware can MELT Your Phone ;Secretly Mines Cryptocurrency</a>
In the years since the discovery of the hardware bug, researchers have discovered that Rowhammer-like attacks have affected personal computers, virtual machines, and Android devices. Further researcher led them to discover they could execute Rowhammer attacks via JavaScript code, GPU cards, and network packets. RAMpage is the latest iteration of the Rowhammer attack. "RAMpage breaks the most fundamental isolation between user applications and the operating system," researchers said. "While apps are typically not permitted to read data from other apps, a malicious program can craft a RAMpage exploit to get administrative control and get hold of secrets stored in the device."
"This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents," according to the research team. It is also possible that RAMpage may also impact Apple devices, PC's, and VMs but research into the latest vulnerability is still in early stages. Researchers have updated an app used previously to detect Drammer to also identify if a device is vulnerable to RAMpage. The app is not available yet in the Play Store but it available online.
Related coverage: <a href="https://thegoldwater.com/news/28291-Google-Removed-The-Egg-From-Salad-Emoji-To-Be-Vegan-Friendly-And-The-Twitter-Responses-Are-Hilarious">Google Removed The Egg From Salad Emoji To Be Vegan-Friendly And The Twitter Responses Are Hilarious</a>
The old Rowhammer attack on Android devices and the new Rowhammer attack differ in that RAMpage specifically targets an Android memory subsystem called ION. A simplified version is that ION is part of the Android OS that manages memory allocations between apps and for the OS. Google introduced ION in Android 4.0 which was released on October 18, 2011.
<i>On Twitter:</i>
<a href="https://twitter.com/MAGASyndicate">@MAGASyndicate</a>
Tips? Info? Send me a message!
Source: https://vvdveen.com/publications/dimva2018.pdf https://www.bleepingcomputer.com/news/security/every-android-device-since-2012-impacted-by-rampage-vulnerability/
Twitter: #RAMpage #Android #Google #Virus #Malware #Memory #Attack
