DRAMMER Attack : Millions of Android Devices Vulnerable

0
1917
DRAMMER, A DANGEROUS THREAT TO ANDROID DEVICES — GOOGLE HAS AWARDED THE RESEARCHERS $4000 FOR IDENTIFYING THE BUG BUT IT WILL TAKE A WHILE FOR TO GET RID OF IT.

IT security researchers from the University of Amsterdam have discovered a security flaw in the memory chip design used in Android Devices.

The flaw allows the attackers to target a specific memory chip and thus gaining control of the entire system.

Drammer has the potential to put millions of users at risk, especially when combined with existing attack vectors like Stagefright.

Not a new method

The attack goes by the name of Rowhammer which is not new. Previously, security researchers found a similar flaw in systems running on Linux.

The flaw could also be exploited to launch a Rowhammer attack.

This time, however, it is the Android devices that are in danger.

How it Works?

Essentially, the Rowhammer, as the name suggests, targets a row of transistors in a memory chip.

These are the DDR DRAM chips found in mobile android devices.

The attack is usually executed through a harmful app unbeknownst to the user.

Primarily, the attacker implants the code in such an app. When the code is executed, the app keeps on accessing a specific row of transistors.

It is a repetitive process which causes that row of transistors to cause an electric disturbance with the rows nearby. This leads to a leak in electricity which eventually results in a bit flip.

A bit flip in turn, is simply the interchange of bits of data in random positions.

Due to such randomization of bits, the attacker is able to change values for data stored on the chip and gain access to the victim’s device.

List of Android devices tested by researchers
List of Android devices tested by researchers

Proof-of-concept

In order to test the attack, the researchers themselves devised an attack aimed at mobile devices such as Samsung, LG etc.

The project was named “DRAMMER”. The mechanism allowed the researchers to gain root access to the victim’s device.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Questo sito usa Akismet per ridurre lo spam. Scopri come i tuoi dati vengono elaborati.