Every Android device is susceptible to a hardware vulnerability called RAMpage
Electronics & Gadgets  
xda-developers

We have consistently seen various vectors of attack rear their head when it comes to Android smartphones. We’ve seen Shattered Trust, Cloak and Dagger, and Rowhammer, just to name a few. RAMpage is the latest one on the block, and while it is a hardware vulnerability, it doesn’t necessarily need physical access to your device to exploit. How it works is relatively simple.

 

When a CPU reads or writes a row of bits in the RAM module present on the device, the neighboring rows are slightly affected due to a tiny electric discharge. This isn’t usually a problem as we know RAM does this and that’s why it’s periodically refreshed to make sure nothing goes wrong. But what if we start “hammering” the same “row”? What if we continuously read or write to the same row in order to disrupt neighboring rows? This can cause a bit-flip in a memory row that we shouldn’t own or have access to at all. That’s what Rowhammer is, and it’s being used as part of a larger vulnerability called RAMpage. The CVE is CVE-2018-9442 and it affects devices shipped with LPDDR2, LPDDR3, or LPDDR4 RAM. We’ve already covered Rowhammer in greater depth here.
 
The Team Behind RAMpage
 
Vrije Universiteit Amsterdam
 
TU Wien
 
EURECOM
 
*Harikrishnan Padmanabha Pillai, MSc.
IBM
 
*Prof. Dr. Giovanni Vigna
UC Santa Barbara
 
UC Santa Barbara
 
*Prof. Dr. Herbert Bos
Vrije Universiteit Amsterdam
 
Vrije Universiteit Amsterdam
 
What is RAMpage?
 
RAMpage isn’t exactly new, so to say. RAMpage is a hardware vulnerability which implements Rowhammer and other, smaller exploits. RAMpage can be used to gain root access on a device, but the researchers managed to get it to do a whole lot more as well. It could be used to bypass JavaScript sandboxes and even perform an attack running on another virtual machine on the same computer on x86 devices. ARM-based devices are also vulnerable, and that’s where our Android phones come in. DRAMMER stands for “Deterministic Rowhammer Attacks on Mobile Devices,” and it was able to be used against a number of Android phones in the past to gain root access.

 

How does RAMpage work?
 
RAMpage works primarily by abusing Android’s memory management system – the Android ION memory allocator. ION was introduced with Android 4.0 back at the end of 2011 and simply gives applications the memory they require to run. However, breaking this down means that you can access all memory on the device from within any application – an extremely dangerous situation. What was once protected memory no longer is once ION is broken down, and any malicious applications looking for data leakage could sift through this memory. While it’s hard to protect against DRAMMER (and, incidentally, Rowhammer) because it’s a hardware vulnerability, building safeguards around Android ION will mitigate most of the damage that can be done. The researchers call it GuardION and have released it open-source on GitHub.
 
What is GuardION?
 
GuardION is the proposed mitigation method put forward by those who discovered RAMpage. It simply sets up buffer rows around potentially exploitable software in RAM, such as Android ION. It’s a simple method, but it’s better for a few reasons. The first being that you obviously can’t replace the RAM module in every Android device released. The second is that, even in newer devices, hardware fixes will be harder on the battery as they will constantly have to refresh the memory. Hence protecting memory with software is easier. The researchers showed that GuardION has negligible memory overhead, better performance than Google’s attempts at preventing the exploit and prevents all known DMA (Direct Memory Access) attacks. However, while the researchers are in contact with Google, the company has determined that GuardION presents too large of a performance overhead for it to be incorporated into AOSP. GuardION doesn’t fix the hardware vulnerability, instead, it simply accounts for it and reduces the amount of damage it can do.
 
Am I vulnerable to RAMpage?
 
While chances are if you own an Android phone released since 2012 you are vulnerable, you can still install the DRAMMER test application from their official website below to see for yourself. While all of this seems scary, there is no public exploit available yet. While you should still be careful out there, there is currently no reason to worry as the exploit is not in the public domain. The researchers do not intend to release it at this point in time either. You can check out the original research paper below.

 
 


 
 


 
More in Electronics & Gadgets
Harley-Davidson To Enter 250-500 cc Motorcycle Segment In 2020

Harley-Davidson has confirmed a premium small displacement motorcycle for Asia, which help the brand expand its reach in the region including India.

Recently posted . 12 views

9 amazing car feature you didn't know..!!

Ever thought what all your car is capable of? No right!! Science and technology have made such incredible advancements that we humans sometimes fail to believe. H...

Recently posted . 4 views

Exclusive Adobe Premiere Rush app for Samsung devices available now

Adobe today released the Premiere Rush video editing app for Android. The exclusive version that Samsung talked about at the Galaxy S10 launch is now available as w...

Recently posted . 7 views

Hyundai Venue Launched; Here's Everything You Need To Know

Rivalling the Ford EcoSport, Tata Nexon, Mahindra XUV300 and the Maruti Suzuki Vitara Brezza, the Venue is in for an intense fight

Recently posted . 9 views

Apple launches its most powerful MacBook Pro laptop

Apple has introduced a new range of MacBook Pro laptops with 8th-generation and 9th-generation Intel Core processors. The new 15-inch Apple MacBook Pro now comes wi...

Recently posted . 8 views

Top 5 Best USB Phone Charger

A good USB charger will power your phone as fast as it and your cable allow. After testing 15 power adapters this year, it’s clear that the HGD 2.4 Amp Dual U...

Recently posted . 45 views

 
 
 

Prashnavali

Thought of the day

“The difference in winning and losing is most often…not quitting.”
Anonymous