RAMpage is the latest security problem that affects all Android devices since 2012

The team has launched a new tool by the name GuardION that allows users to protect against such attacks on their Android devices.

  • Published: June 29, 2018 2:51 PM IST
Android RAMpage Rowhammer 805px

Image credit: RAMpageattack

A team of academics has published a paper that outlines a new Android security vulnerability that potentially affects all the smartphones launched in last six years in the market. According to the paper, the team has named this new flaw as RAMpage because this attacks the RAM memory present in the smartphones. To be more precise, this attacks the LPDDR memory module in smartphones that is present in almost all the smartphones released on the market since 2012. There have been a number of versions to LPDDR with the latest being LPDDR4X and all the versions are theoretically affected. The thing to note here is that this vulnerability is not really new and instead, this vulnerability with code name CVE-2018-9442 is a variant of the existing Rowhammer attack.

According to a detailed report by Bleeping Computer, Rowhammer attack is a hardware flaw in modern memory modules. The report goes on to point that security researchers discovered “a few years back” that if any user was to sent repeated read and write requests “to the same row of memory cells”, the operations were able to create an electrical field that could be used to change the data stored in the nearby memory modules hence the name Row and hammer.

What is RAMpage and Rowhammer?

RAMpage is not the first Rowhammer attack as researchers have discovered a number of variants over the years that have affected a range of devices from Android devices to computers to virtual machines. According to the report, Rowhammer attacks could be conducted through GPU cards, network packers, or even JavaScript code. The first Rowhammer attack on Android devices was named “DRammer” and it could modify data and achieve root access.

What can RAMpage do?

According to the research paper, the team noted that this new attack could allow malicious apps to achieve administrator privileges while allowing it to read data from other apps including passwords stored in password managers or browsers, emails, messages, photos or even critical documents.

Watch: Oppo Find X First Look

To carry out this attack, RAMpage attacks the memory subsystem on Android known as ION. ION is the part on Android that manages what memory is allocated to user apps and what memory is allocated to the operating system.

ION was first launched as part of Android 4.0 Ice Cream Sandwich back in 2011. RAMpage allows hackers to break the boundary between apps and Android OS itself.

Scope of RAMpage and protection

Similar to Rowhammer, it is likely that RAMpage may also affect Apple devices, computers, and even cloud servers running virtual machines. The team only carried out the attack on an LG G4 smartphone but it possible to craft this attack for anything running any LPDDR memory.

The team has launched a new tool by the name GuardION that allows users to protect against such attacks on their Android devices. The tool has been open-sourced on GitHub. It has also launched Drammer test app for users to help it understand the scope of the bug.

  • Published Date: June 29, 2018 2:51 PM IST