'Rowhammer' Attack Can Hijack Smartphones Via Browser

Messing effectually with the electrical charge of a DRAM flake tin actually be an effective manner to hijack a smartphone.

On Thursday, a team of Dutch security researchers unveiled some new findings regarding "Rowhammer," an unintended side effect in DRAM fries that can exist used to tamper with an unabridged reckoner.

Researchers at Vrije Universiteit Amsterdam are showing how a once-theoretical problem can present a real security threat. They've managed to exploit Rowhammer simply by using Javascript in a mobile browser to hack an Android smartphone under ii minutes.

The researchers telephone call their proof-of-concept set on "GLitch," and take presented their findings in a new paper. "Our GLitch exploit shows that browser-based Rowhammer attacks are entirely applied," the authors write.

The Rowhammer threat came to light in 2022 when research showed that constantly accessing a computer's DRAM can create a problem: if you lot repeatedly activate the memory cells you can trigger the electrical charges to fluctuate, potentially altering the data your DRAM stores.

That'south a large problem. By exploiting the Rowhammer effect, one program can theoretically manipulate other software running over the computer's DRAM, including the operating system itself.

Since Rowhammer became public in 2022, security experts accept been studying the threat, and demonstrating ways it tin can be exploited for malicious effect. 2 years ago, the researchers at Vrije Universiteit showed how Rowhammer tin exist abused with a malicious app to root an Android phone, and proceeds authoritative privileges.

On Thursday, the Dutch researchers debuted their new "GLitch" attack, which they say can exploit Rowhammer on three older Android smartphones: the LG Nexus 5, the HTC One M8 and the LG G2.

A demo of their attack on a Nexus five shows information technology running over Mozilla'south Firefox browser to gain read/write privileges, giving the researchers the power to execute lawmaking over the software. To manipulate the DRAM, the attack leverages Firefox'due south back up for a Javascript API that tin control the device'due south graphics processor.

"These attacks are quite powerful, assuasive circumvention of state-of-the-fine art defenses," the researchers write in their paper. "More alarming, these attacks can exist launched from the browser," they added, noting that Google's Chrome browser was susceptible to the same threat.

Fortunately, both Google and Mozilla accept introduced fixes that address the researchers' proposed GLitch assault.

"We mitigated this remote vector in Chrome on March 13, and nosotros are working with other browsers so they can implement similar protections," Google said in a statement.

Rowhammer certainly presents some agonizing implications, just co-ordinate to Google the threat is yet largely theoretical. Aside from the researchers' proof-of-concept assail, the visitor hasn't encountered a fully working exploit that leverages the aforementioned technique.

Indeed, hackers have no demand to build their tactics around Rowhammer. Afterwards all, they already possess an arsenal of means to hack your PC or telephone through tried-and-true methods that don't' require researching how to manipulate a computer's DRAM. (Information technology'south also of import to note the Nexus 5 used in the GLitch proof-of-concept attack suffers from outdated software that's vulnerable to many other bugs.)

However, the Dutch researchers are underscoring that the Rowhammer threat is not just real, merely has the potential to cause some real mayhem. "This makes it possible for an attacker who controls a malicious website to go remote code execution on a smartphone without relying on any software bug," they warned in their findings.

Co-ordinate to the researchers, there's no way to fully block a phone'south GPU from tampering with the DRAM. Nevertheless, the team has been working with Google on options to solve the upshot, merely ideally hardware vendors will have to come up with a more permanent ready.

Source: https://sea.pcmag.com/news/20954/rowhammer-attack-can-hijack-smartphones-via-browser

Posted by: feltonandesch.blogspot.com

Share this post