For the very first time, security researchers have discovered an effective way to exploit a four-year-old hacking technique called Rowhammer to hijack an Android phone remotely.
Dubbed GLitch, the proof-of-concept technique is a new addition to the Rowhammer attack series which leverages embedded graphics processing units (GPUs) to carry out a Rowhammer attack against Android smartphones.
Rowhammer is a problem with recent generation dynamic random access memory (DRAM) chips in which repeatedly accessing a row of memory can cause "bit flipping" in an adjacent row, allowing anyone to change the value of contents stored in computer memory.
Known since at least 2012, the issue was first exploited by Google's Project Zero researchers in early 2015, when they pulled off remote Rowhammer attacks on computers running Windows and Linux.
Last year, a team of researchers in the VUSec Lab at Vrije Universiteit Amsterdam demonstrated that the Rowhammer technique could also work on Android smartphones, but with a major limitation: a malicious application had to be installed on the target phone first.
However, the same team of researchers has now shown how their proof-of-concept attack, "GLitch," can exploit the Rowhammer attack technique simply by hosting a website running malicious JavaScript code to remotely hack an Android smartphone in under just 2 minutes, without relying on any software bug.
Since the malicious code runs only within the privileges of the web browser, it can spy on the user's browsing pattern or steal their credentials. However, the attacker cannot gain further access to the user's Android phone.
GLitch is the first remote Rowhammer technique that exploits the graphics processing unit (GPU), which is found in almost all mobile processors, instead of the CPU that was exploited in all previous theorized versions of the Rowhammer attack.
Here's How GLitch Attack Works
Since the ARM processors inside Android smartphones include a type of cache that makes it hard to access targeted rows of memory, researchers make use of the GPU, whose cache can be more easily controlled, allowing hackers to hammer targeted rows without any interference.
The technique is named GLitch, with the first two letters capitalized, because it uses a widely used browser-based graphics code library known as WebGL for rendering graphics to trigger a known glitch in DDR3 and DDR4 memory chips.
Currently, GLitch targets smartphones running the Snapdragon 800 and 801 system on a chip (which includes both CPU and GPU), meaning the PoC works only on older Android phones like the LG Nexus 5, HTC One M8, or LG G2. The attack can be launched against Firefox and Chrome.
In a video demonstration, the researchers show their JavaScript-based GLitch attack on a Nexus 5 running Mozilla's Firefox browser to gain read/write privileges, giving them the ability to execute malicious code over the software.
"If you're wondering if we can trigger bit flips on Chrome the answer is yes, we can. As a matter of fact, most of our research was carried out on Chrome," the researchers said. "We then switched to Firefox for the exploit just because we had prior knowledge of the platform and found more documentation."
No Software Patch Can Fully Fix the Rowhammer Issue
Since Rowhammer exploits a computer hardware weakness, no software patch can completely fix the issue. Researchers say the Rowhammer threat is not only real but also has the potential to cause some real, severe damage.
Although there's no way to fully block an Android phone's GPU from tampering with the DRAM, the team has been working with Google on ways to solve the problem.
For more in-depth details on the new attack technique, you can head on to this informational page about GLitch and this paper [PDF] published by the researchers.