Millions of devices at risk from Rowhammer Android vulnerability


A new security vulnerability that allows hackers to control Android devices has been discovered by researchers from VUSec Lab at the Vrije Universiteit Amsterdam.

They revealed that hackers could gain access to smartphones and exploit data that is stored on memory chips or other parts of the device. This means that, in theory at least, other devices including iPhones could also be susceptible.

The Rowhammer Android vulnerability is significant as it targets hardware such as memory chips, rather than software, and could be used to potentially root millions of Android devices.

The new exploit means hackers gain access to certain apps without needing to request special permission. They have already found that they can attack devices made by LG, Samsung, Motorola and OnePlus.

The bad news for all of this is that there appears to be no quick fix as previously hardware bugs had not even been considered a possibility.

“Until recently, we never even thought about hardware bugs [and]software was never written to deal with them. Now, we are using them to break your phone or tablet in a fully reliable way and without relying on any software vulnerability or esoteric feature. And there is no quick software update to patch the problem and go back to business as usual,” one of the researchers, Victor van der Veen explained.

It should be stressed that not all devices made by the manufacturers above have been compromised.

However, the older the device the more vulnerable it is to the vulnerability.

The researches informed Google of the vulnerability in July and received a $4,000 reward from its bug bounty program.

It should be said that Google is still working on a fix, and plans to release it in the November security bulletin. Veen believes that the fix won’t completely eliminate the problem but it will make attacks harder.

Source: Arstechnica


Comments are closed.