Researchers Devise Rowhammer Attacks Against Latest Android Versions

Discussion in '0-day Release' started by silversurfer, Jun 29, 2018.

  1. silversurfer

    silversurfer Malware Tester Silver Member

    A team of researchers from universities worldwide have devised a new set of DMA-based Rowhammer attacks against the latest Android OS, along with a lightweight defense to prevent such attacks on ARM-based devices.

    Rowhammer is a vulnerability impacting dynamic random-access memory (DRAM) chips that can be abused to gain kernel privileges on Linux systems. Discovered in 2012 but documented only in 2014, the bug can also be exploited remotely using JavaScript or via graphics processing units (GPUs).

    Last year, researchers from Graz University of Technology, the University of Pennsylvania (and University of Maryland), and University of Adelaide revealed a series of attack methods able to bypass existing defenses against Rowhammer.

    Now, eight researchers from Vrije Universiteit Amsterdam, Amrita University India, UC Santa Barbara, and EURECOM propose RAMpage, a set of attacks that target the latest Android versions with a root exploit and app-to-app exploits that bypass all defenses.

    In a research paper (PDF), they also propose GuardION, lightweight defenses that mitigate Rowhammer exploitation on ARM systems by isolating DMA buffers with DRAM-level guard rows.

    Full Article:
    revC0de and RGiskardR like this.
  2. Google Adsense

Share This Page