Every Android device is susceptible to a hardware vulnerability called RAMpage
Electronics & Gadgets  
xda-developers

We have consistently seen various vectors of attack rear their head when it comes to Android smartphones. We’ve seen Shattered Trust, Cloak and Dagger, and Rowhammer, just to name a few. RAMpage is the latest one on the block, and while it is a hardware vulnerability, it doesn’t necessarily need physical access to your device to exploit. How it works is relatively simple.

 

When a CPU reads or writes a row of bits in the RAM module present on the device, the neighboring rows are slightly affected due to a tiny electric discharge. This isn’t usually a problem as we know RAM does this and that’s why it’s periodically refreshed to make sure nothing goes wrong. But what if we start “hammering” the same “row”? What if we continuously read or write to the same row in order to disrupt neighboring rows? This can cause a bit-flip in a memory row that we shouldn’t own or have access to at all. That’s what Rowhammer is, and it’s being used as part of a larger vulnerability called RAMpage. The CVE is CVE-2018-9442 and it affects devices shipped with LPDDR2, LPDDR3, or LPDDR4 RAM. We’ve already covered Rowhammer in greater depth here.
 
The Team Behind RAMpage
 
Vrije Universiteit Amsterdam
 
TU Wien
 
EURECOM
 
*Harikrishnan Padmanabha Pillai, MSc.
IBM
 
*Prof. Dr. Giovanni Vigna
UC Santa Barbara
 
UC Santa Barbara
 
*Prof. Dr. Herbert Bos
Vrije Universiteit Amsterdam
 
Vrije Universiteit Amsterdam
 
What is RAMpage?
 
RAMpage isn’t exactly new, so to say. RAMpage is a hardware vulnerability which implements Rowhammer and other, smaller exploits. RAMpage can be used to gain root access on a device, but the researchers managed to get it to do a whole lot more as well. It could be used to bypass JavaScript sandboxes and even perform an attack running on another virtual machine on the same computer on x86 devices. ARM-based devices are also vulnerable, and that’s where our Android phones come in. DRAMMER stands for “Deterministic Rowhammer Attacks on Mobile Devices,” and it was able to be used against a number of Android phones in the past to gain root access.

 

How does RAMpage work?
 
RAMpage works primarily by abusing Android’s memory management system – the Android ION memory allocator. ION was introduced with Android 4.0 back at the end of 2011 and simply gives applications the memory they require to run. However, breaking this down means that you can access all memory on the device from within any application – an extremely dangerous situation. What was once protected memory no longer is once ION is broken down, and any malicious applications looking for data leakage could sift through this memory. While it’s hard to protect against DRAMMER (and, incidentally, Rowhammer) because it’s a hardware vulnerability, building safeguards around Android ION will mitigate most of the damage that can be done. The researchers call it GuardION and have released it open-source on GitHub.
 
What is GuardION?
 
GuardION is the proposed mitigation method put forward by those who discovered RAMpage. It simply sets up buffer rows around potentially exploitable software in RAM, such as Android ION. It’s a simple method, but it’s better for a few reasons. The first being that you obviously can’t replace the RAM module in every Android device released. The second is that, even in newer devices, hardware fixes will be harder on the battery as they will constantly have to refresh the memory. Hence protecting memory with software is easier. The researchers showed that GuardION has negligible memory overhead, better performance than Google’s attempts at preventing the exploit and prevents all known DMA (Direct Memory Access) attacks. However, while the researchers are in contact with Google, the company has determined that GuardION presents too large of a performance overhead for it to be incorporated into AOSP. GuardION doesn’t fix the hardware vulnerability, instead, it simply accounts for it and reduces the amount of damage it can do.
 
Am I vulnerable to RAMpage?
 
While chances are if you own an Android phone released since 2012 you are vulnerable, you can still install the DRAMMER test application from their official website below to see for yourself. While all of this seems scary, there is no public exploit available yet. While you should still be careful out there, there is currently no reason to worry as the exploit is not in the public domain. The researchers do not intend to release it at this point in time either. You can check out the original research paper below.

 
 


 
 


 
More in Electronics & Gadgets
Apple launches new AirPods with improved talk time

The new AirPods will be available to order through Apple authorised resellers later this spring, the company said. 

Recently posted . 11 views

How to book train tickets in India straight from the Google Pay app

Google Pay (earlier named Tez) has recently rolled out the ability to book train tickets in India straight from the app – both on iOS and Android. The money w...

Recently posted . 42 views

Gegadyne Energy’s battery technology can dash-charge electric vehicles...

The Mumbai startup, founded by two college dropouts, aims to popularise EVs in India by making cheaper, lighter, and environment-friendly battery packs.

Recently posted . 10 views

Buy this fancy iPhone for Rs 5.8 lakh

Russian luxury brand Caviar has announced 99 pieces of iPhone XS and XS Max models at the starting price of $8,370 (nearly Rs 5.8 lakh), that come with a mechanic...

Recently posted . 11 views

Mozilla launches Firefox Send, a free file transfer service

Mozilla has launched Firefox Send, a free file sharing service where users can upload files to the service and then share the URL with others.

1 week ago . 75 views

 
 
 

Prashnavali

Thought of the day

“A smile is the best makeup any girl can wear.”
Marilyn Monroe