Slashdot Mirror


Every Android Device Launched Since 2012 Impacted By RAMpage Vulnerability (bleepingcomputer.com)

Almost all Android devices released since 2012 are vulnerable to the RAMpage bug, an international team of academics has revealed today. From a report: The vulnerability, tracked as CVE-2018-9442, is a variation of the Rowhammer attack. Rowhammer is a hardware bug in modern memory cards. A few years back researchers discovered that when someone would send repeated write/read requests to the same row of memory cells, the write/read operations would create an electrical field that would alter data stored on nearby memory. In the following years, researchers discovered that Rowhammer-like attacks affected personal computers, virtual machines, and Android devices. Through further research, they also found they could execute Rowhammer attacks via JavaScript code, GPU cards, and network packets.

6 of 83 comments

  1. Is iOS affected too... by SuperKendall · · Score: 4, Interesting

    The article said that Apple iOS devices may be vulnerable too, but since this is a kind of Rowhammer attack, which Apple mitigated in 2015, I wonder if it is?

    It would be nice if the article (and researchers) were more clear about other platforms being vulnerable...

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  2. Re:That seems like a very easy solution by SuperKendall · · Score: 4, Insightful

    At some point one of these vulnerability checking apps will be found to be its own kind of trojan, instead uploading contacts or installing spyware...

    After all, seems reasonable to grant a vulnerability checking app full permissions right?

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  3. Re:Rowhammer is garbage by bluefoxlucid · · Score: 4, Informative

    Pretty much, except for the last bit: memory page protection is administrative, not technical. The CPU says, "You can't write to address 0xC0004000" and you don't. If you write to 0xB0004000 and create electrical fields messing with 0xC0004000, that's physical and bypasses any code that says no you can't.

    It's like approaching a hotel key card lock with dynamite.

  4. That's how I'd slip it in by SuperKendall · · Score: 5, Insightful

    Unless it's posted open source and GPL.

    If I were going to post some malware, I'd make a clean open source/GPL version with handy pre-compiled binaries that had the actual exploits included... we all know very few people would actually go to the trouble to download and compile, so you'd get quite a good uptake from people who assumed because the source was open it was safe.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  5. Re:Rowhammer is garbage by Anonymous Coward · · Score: 4, Informative

    Unless your objective is to crash the device, rowhammer is a useless technique and even then there are far easier ways to accomplish this. Until you can tell me EXACTLY what cells you are modifying and in what way, you will NEVER be able to utilize this vulnerability interesting observation for any kind of useful exploit. Even then, you would have to know WHAT you are modifying and even the most basic memory page protection prevents that. #SLOWNEWSDAY

    Exploits have been known since 2015. Basically you fill memory with Page Table Entries, then you corrupt them until a bit flips which gives you access to write your own PTE. From that point, you own the machine. I have not heard of any fixes for this.

  6. Re:So is this just due to the design of modern mem by amorsen · · Score: 4, Insightful

    Would using ECC memory avoid all this over hyped crap?

    Yes, ECC memory and ECC cache mitigate Rowhammer. In theory not completely: you could cause an undetected triple-bit error if you ran the attack long enough. However, in that time you are vastly more likely to hit a detectable-but-uncorrectable two-bit error that halts the machine.

    (A quick Google implied that modern systems are still stuck with single-correction double-detection. I am not sure that is correct.)

    --
    Finally! A year of moderation! Ready for 2019?
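As an added illustration of the single-correction double-detection point in the comment above (this is a constructed toy, not code from the thread or from any real memory controller), here is an extended Hamming SECDED code over one byte: one flipped bit is repaired, two flipped bits are detected but not correctable, and three flipped bits can be silently "corrected" into wrong data.

```python
# Constructed toy SECDED (extended Hamming) code over one data byte.
# Layout: 13 bits; position 0 is the overall parity bit, positions
# 1, 2, 4, 8 are Hamming parity bits, the remaining positions carry data.
PARITY_POS = (1, 2, 4, 8)
DATA_POS = [i for i in range(1, 13) if i not in PARITY_POS]  # 8 data positions

def encode(data: int) -> list[int]:
    """Return the 13-bit codeword for a byte as a list of 0/1 values."""
    word = [0] * 13
    for k, pos in enumerate(DATA_POS):
        word[pos] = (data >> k) & 1
    for p in PARITY_POS:
        # each Hamming parity bit covers every position whose index has bit p set
        word[p] = sum(word[i] for i in range(1, 13) if i & p and i != p) & 1
    word[0] = sum(word[1:]) & 1  # overall parity makes the whole word even
    return word

def flip(word: list[int], positions) -> list[int]:
    """Copy of the word with the given bit positions inverted (simulated faults)."""
    out = list(word)
    for pos in positions:
        out[pos] ^= 1
    return out

def decode(word: list[int]) -> tuple[str, int]:
    """Decode like a SECDED controller: returns (status, data byte)."""
    w = list(word)
    syndrome = 0
    for i in range(1, 13):
        if w[i]:
            syndrome ^= i  # XOR of set-bit indices; zero for a valid codeword
    overall = sum(w) & 1   # 1 means an odd number of bits were flipped
    if syndrome == 0 and overall == 0:
        status = "ok"
    elif overall == 1 and syndrome <= 12:
        # odd error count: the controller assumes a single error and flips
        # the indicated bit; with three real flips this silently miscorrects
        w[syndrome] ^= 1
        status = "corrected"
    else:
        # even error count (or odd count pointing outside the word): detect only
        status = "uncorrectable"
    data = sum(w[pos] << k for k, pos in enumerate(DATA_POS))
    return status, data

if __name__ == "__main__":
    cw = encode(0xA5)
    print(decode(flip(cw, [6])))        # ('corrected', 165): single flip repaired
    print(decode(flip(cw, [3, 5])))     # ('uncorrectable', 166): double flip detected
    print(decode(flip(cw, [3, 5, 6])))  # ('corrected', 162): triple flip miscorrected
```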