Skip to main content

What is RAMPAGE Attack? Why does it Affect Every Android Since 2012

rampage-attack-android-rowhammer-bit-flipping.

No matter how secure Google calls its mobile operating system, it seems like  a determined security research could come up with a vulnerability any day. A team of eight researchers has done the same with their exploit having the unauthorized access to Android devices.
What is RAMPAGE Attack?

In 2012, with the release of Android ICS, Google introduced a new component to the Android kernel called ION that allocates memory for different apps and services. RAMPAGE targets ION, thus, making itself a thread to million of Android devices across the world.

 However, Android isn't to be blamed entirely. The attack originates out of a fundamental, more of a hardware error in the RAM chip called Rawhammer which works on ARM-based devices. In modern RAM chips, the memory cells are packed very close to each other. This could result in the cells leaking their charge and interact with other cells.
Each memory cells contains one memory bit which represents a unit of data in the RAM chip. An attack leveraging row hammer can be used to extract data from the RAM chip by changing the state of a memory bit from 0 to 1 and vice-versa, i.e., bit flipping.

How does RAMPAGE work?
A malicious app fitted with RAMPAGE can use the ION memory subsystem and cause a row of memory bits to change its state repeatedly until bit flipping happens in the adjacent row.
This way, an app could potentially attain admin level privileges to access the data of some other app which is not possible in regular scenarios. It can harvest confidential information like passwords from a password manager or browser, documents, photos, messages, etc.
“RAMPAGE breaks the most fundamental isolation between user applications and the operating system. This attack allows an app to take full administrative control over the device,” wrote the researchers on the website describing the attack.
Does it affect my device?
As mentioned above, every Android 4.0 and above devices released since 2012 that use LPDDR2, LPDDR3, or LPDDR4 RAM chip come under the radar. Although it’s not confirmed the attack could be crafted for iOS, Windows, MacOS, and also cloud servers.
However, the story isn’t as scary as it sounds. Modern operating systems don’t write all the information about an app in adjacent memory cells; it’s scattered across different cells. So, the process of flipping the bits may be easier but knowing what’s written on the memory bit isn’t.
An average Android smartphone with 32GB memory capacity has 32 billion bits. Given this fact, it would be nearly impossible for an attacker to pinpoint a particular piece of information. It’s nothing but a game of chance.
What should I do?
You can sit back and try not to worry. Google and Amazon are already notified about the RAMPAGE so it’s less likely that some malicious app would appear on Google Play. Moreover, it’s not known if the vulnerability is being exploited in the wild.
How do I check whether my device is vulnerable to RAMPAGE?
If you want, you can check whether your device is vulnerable to RAMPAGE by using the test app [direct link] created by the researchers. They have also created an app called GuardION which is meant to prevent attacks from modifying the memory cells.
It’s not the first time we have seen attack methods trying to explore hardware errors. In a similar attempt, a row hammer based attack called DRAMMER appeared in 2016 that affected Android devices.
Back then, there was a sense of satisfaction as it was less effective on LPDDR4 memory, but this doesn’t seem to be the case with RAMPAGE. Hopefully, devices makers and Google would come up with security patches soon.
Labels:
Location: India

Comments

Post a Comment

Popular posts from this blog

DJI Spark vs. Parrot Bebop 2 Which One Is The Best

It's a Parrot vs DJI drone showdown Earlier this year, DJI announced it would be taking on the entry-level, selfie drone market with its  Spark . Along with challengers like the  Yuneec Breeze , the smallest DJI quadcopter is priced within touching distance of the bigger  Parrot Bebop 2 . How do they compare? Weight The Bebop is significantly heavier than the Spark, but that extra weight is an advantage in some ways. More on that in a minute. Battery Parrot has slotted a big battery into the Bebop 2 – the original Bebop had an 1100 mAh unit, compared to the 2700 mAh pack in the latest Bebop 2. That translates to a healthy flight time, too. Flight Time Parrot has a massive advantage over DJI when it comes to flight time. The bigger battery in the Bebop affords it a healthy 25 minute flight time, compared to 16 minutes for the Spark. The heavier Parrot drone is also likely to stand up better to buffeting in high winds. Range Both d...
Post a Comment
Read more

Update Your Firefox Browser to Fix a Critical Remotely Exploitable Flaw

Mozilla has released an important update for its Firefox web browser to patch a critical vulnerability that could allow remote attackers to execute malicious code on computers running an affected version of the browser. The update comes just a week after the company rolled out its new Firefox Quantum browser, a.k.a Firefox 58, with some new features like improved graphics engine and performance optimizations and patches for more than 30 vulnerabilities. According to a security  advisory  published by Cisco, Firefox 58.0.1 addresses an 'arbitrary code execution’ flaw that originates due to 'insufficient sanitization' of HTML fragments in  chrome-privileged  documents (browser UI). Hackers could exploit this vulnerability (CVE-2018-5124) to run arbitrary code on the victim's computer just by tricking them into accessing a link or ' opening a file that submits malicious input to the affected software .' "A successful exploit could allow the a...
Post a Comment
Read more

8 Best Facebook Alternatives With Focus On Privacy For 2018

If you try to keep yourself updated with the latest developments in the technology and security world, you must be knowing about the recent Facebook-CA scandal. While most of us knew about Facebook’s relentless data collection practices, this revelation has forced many of us to raise questions and look for Facebook alternatives. Some are even looking for ways to permanently delete their Facebook account. There are many social networks, messaging apps, and news aggregation sites that you can get as a replacement of Facebook. So, let’s tell you about them in brief: Top 8 alternatives to Facebook’s website and app 1.  Vero The subscriber usage data is the bread and butter of social networks like Facebook. Vero is an option in this case as it’s based on the subscription model; so, it doesn’t show ads and collect data for the same. This fast-growing social media alternative is only app-based. They do collect your usage stats but make it av...
Post a Comment
Read more