Rowhammer and Android Glitch Attacks

“Rowhammer” is a hacking technique that researchers have been experimenting with for the past four years. Rowhammer is designed to break the security of a computer by manipulating the physical electric charge of computer memory chips. This may then corrupt the computer's data. Unfortunately, black hat hackers are exploiting Rowhammer by targeting Android phones through the Internet. As of this date, there is no specific software patch to fix Rowhammer.

Cyber researchers at Vrije Universiteit[1] in the Netherlands recently published an analysis which details a new form of the Rowhammer attack technique, titled "GLitch." Like previous versions of the attack, it uses Rowhammer's trick of inducing electric leaks in a computer's memory to change ones to zeros and vice versa in the stored data. These changes are called "bit flips." This new technique allows a hacker to run malicious code on some Android phones after the victim innocently visits a malicious web page. GLitch is the first known “smartphone” targeted implementation of the Rowhammer attack.

The Vrije Universiteit paper fully explains the processes and dangers of GLitch. The concern is not only “flipping bits,” but a bad actor eventually owning your smartphone. As of this date, GLitch targets only the Firefox browser and smartphones that run the Snapdragon 800 and 801 systems-on-a-chip (Qualcomm mobile components that include both CPU and GPU). This translates to vulnerable older (four-year-old) Android phones like the LG Nexus 5, HTC One M8, or LG G2.

That last point may represent a serious limitation to the attack. But Frigo explains that the researchers tested older phones like the Nexus 5 simply because they had more of them around in the lab when they began their work in February of last year. They also knew, based on their previous Android Rowhammer research, that they could achieve basic bit-flips in their memory before attempting to write a full exploit. Frigo says that while their attack would have to be rewritten for different phone architectures, he expects that with additional reverse-engineering time it would work on newer phones as well, or against victims running other mobile browsers. "It requires some effort to figure out," says Frigo. "It might not work [on other software or architectures], or it might work even better."

Many cyber researchers believe that GLitch is not currently a real threat to the vast majority of Android users. Firefox, in its latest release, makes determining the location of data in memory more difficult. Software changes to Chrome to block this attack technique have been implemented, yet caution to our members is warranted.

Mitigation and Recommendations:

  • Update Mozilla Firefox - version: 59.0 · 59.0.1.
  • If possible, use devices that support the most current Chrome: 67.0.3396.26 (Platform version: 10575.22.0).
  • Always be wary of unknown web sites.

If you are interested in more information on this subject, please contact us at feedback@wapacklabs.com  

 

[1] https://research.vu.nl/en/publications/drammer-deterministic-rowhammer-attacks-on-mobile-platforms-2
