Researchers have demonstrated a way for the Rowhammer exploit, found previously in PCs, to be used on mobile devices that are ARM-based. In fact, researchers say the exploit may be more effective on mobile devices. What is the issue with ARM, and how does it enable more effective Rowhammer attacks?
Hardware-based security vulnerabilities and attacks are not commonplace, but they do exist, and could provide access to an otherwise secure system.
Researchers from the Vrije Universiteit Amsterdam in the Netherlands and the University of California in Santa Barbara found that the Flip Feng Shui technique allows the Rowhammer hardware bug to be exploited by a deterministic Rowhammer, or Drammer, attack. Besides PCs and Android mobile devices using ARM processors, the deterministic Rowhammer attacks could extend to cloud services.
How the Drammer attack impacts ARM devices
The issue with ARM is similar to problems faced by other hardware platforms using vulnerable dynamic RAM, even though the ARM platform is significantly different from devices running on x86 processors. The ARM CPU uses a reduced instruction set computing (RISC) architecture, which is less complex than the complex instruction set computing (CISC) architecture that x86 uses. ARM relies more on external memory than x86, since x86 CPUs have memory included in the chip.
Researchers were unsure if the memory access would be fast enough on ARM to be vulnerable to Rowhammer-style bugs. The researchers investigated how to access memory in different ways on Android, running as root initially, and then eventually establishing a way to do it via a nonprivileged user. The researchers could use the Drammer attack to manipulate data stored in RAM on vulnerable devices.
The researchers demonstrated an example of how a Drammer attack would work: after getting a targeted user to open a malicious URL, the attacker chains Drammer to the Stagefright exploit to get remote code execution and then gain root privileges.
The researchers released a Drammer test tool to test if your mobile device is vulnerable, but did not release the exploit code. Google has released patches to provide some protection from the attack, but those do not completely stop it.
The Drammer attack is low-risk, given the complexity of the bug and limited vulnerable devices. However, it could be used in a targeted attack.