DRAMMER, A DANGEROUS THREAT TO ANDROID DEVICES — GOOGLE HAS AWARDED THE RESEARCHERS $4000 FOR IDENTIFYING THE BUG BUT IT WILL TAKE A WHILE FOR TO GET RID OF IT.
IT security researchers from the University of Amsterdam have discovered a security flaw in the memory chip design used in Android Devices.
The flaw allows the attackers to target a specific memory chip and thus gaining control of the entire system.
Drammer has the potential to put millions of users at risk, especially when combined with existing attack vectors like Stagefright.
Not a new method
The attack goes by the name of Rowhammer which is not new. Previously, security researchers found a similar flaw in systems running on Linux.
The flaw could also be exploited to launch a Rowhammer attack.
This time, however, it is the Android devices that are in danger.
How it Works?
Essentially, the Rowhammer, as the name suggests, targets a row of transistors in a memory chip.
These are the DDR DRAM chips found in mobile android devices.
The attack is usually executed through a harmful app unbeknownst to the user.
Primarily, the attacker implants the code in such an app. When the code is executed, the app keeps on accessing a specific row of transistors.
It is a repetitive process which causes that row of transistors to cause an electric disturbance with the rows nearby. This leads to a leak in electricity which eventually results in a bit flip.
A bit flip in turn, is simply the interchange of bits of data in random positions.
Due to such randomization of bits, the attacker is able to change values for data stored on the chip and gain access to the victim’s device.
Proof-of-concept
In order to test the attack, the researchers themselves devised an attack aimed at mobile devices such as Samsung, LG etc.
The project was named “DRAMMER”. The mechanism allowed the researchers to gain root access to the victim’s device.