Skip to main content

What is RAMPAGE Attack? Why does it Affect Every Android Since 2012

rampage-attack-android-rowhammer-bit-flipping.

No matter how secure Google calls its mobile operating system, it seems like  a determined security research could come up with a vulnerability any day. A team of eight researchers has done the same with their exploit having the unauthorized access to Android devices.
What is RAMPAGE Attack?

In 2012, with the release of Android ICS, Google introduced a new component to the Android kernel called ION that allocates memory for different apps and services. RAMPAGE targets ION, thus, making itself a thread to million of Android devices across the world.

 However, Android isn't to be blamed entirely. The attack originates out of a fundamental, more of a hardware error in the RAM chip called Rawhammer which works on ARM-based devices. In modern RAM chips, the memory cells are packed very close to each other. This could result in the cells leaking their charge and interact with other cells.
Each memory cells contains one memory bit which represents a unit of data in the RAM chip. An attack leveraging row hammer can be used to extract data from the RAM chip by changing the state of a memory bit from 0 to 1 and vice-versa, i.e., bit flipping.

How does RAMPAGE work?
A malicious app fitted with RAMPAGE can use the ION memory subsystem and cause a row of memory bits to change its state repeatedly until bit flipping happens in the adjacent row.
This way, an app could potentially attain admin level privileges to access the data of some other app which is not possible in regular scenarios. It can harvest confidential information like passwords from a password manager or browser, documents, photos, messages, etc.
“RAMPAGE breaks the most fundamental isolation between user applications and the operating system. This attack allows an app to take full administrative control over the device,” wrote the researchers on the website describing the attack.
Does it affect my device?
As mentioned above, every Android 4.0 and above devices released since 2012 that use LPDDR2, LPDDR3, or LPDDR4 RAM chip come under the radar. Although it’s not confirmed the attack could be crafted for iOS, Windows, MacOS, and also cloud servers.
However, the story isn’t as scary as it sounds. Modern operating systems don’t write all the information about an app in adjacent memory cells; it’s scattered across different cells. So, the process of flipping the bits may be easier but knowing what’s written on the memory bit isn’t.
An average Android smartphone with 32GB memory capacity has 32 billion bits. Given this fact, it would be nearly impossible for an attacker to pinpoint a particular piece of information. It’s nothing but a game of chance.
What should I do?
You can sit back and try not to worry. Google and Amazon are already notified about the RAMPAGE so it’s less likely that some malicious app would appear on Google Play. Moreover, it’s not known if the vulnerability is being exploited in the wild.
How do I check whether my device is vulnerable to RAMPAGE?
If you want, you can check whether your device is vulnerable to RAMPAGE by using the test app [direct link] created by the researchers. They have also created an app called GuardION which is meant to prevent attacks from modifying the memory cells.
It’s not the first time we have seen attack methods trying to explore hardware errors. In a similar attempt, a row hammer based attack called DRAMMER appeared in 2016 that affected Android devices.
Back then, there was a sense of satisfaction as it was less effective on LPDDR4 memory, but this doesn’t seem to be the case with RAMPAGE. Hopefully, devices makers and Google would come up with security patches soon.
Labels:
Location: India

Comments

Post a Comment

Popular posts from this blog

Google starts rolling out ‘Call Screen’ feature for Pixel smartphones

San Francisco, Dec 2 (IANS) Google has started rolling out a feature for its Pixel smartphones that lets users make use of the Google Assistant to see who is calling and why before they answer a call. The feature allows users to see a real-time transcript of how the caller responds so that they can then decide whether to pick up, respond by tapping a quick reply (for example, “I’ll call you back later”), or mark the call as spam and dismiss. “Call Screen is only available to English speakers in the United States who have Pixel 2, 2 XL, 3, or 3XL devices. If you don’t see Call Screen in the Phone app’s settings, it’s not available yet,” Google said. Call Screen, which can help users save the time spent on picking up unimportant calls from unknown numbers, does not use Wi-Fi or mobile data of the user. This feature does not work with third-party call recording and screen recording apps as these apps may interfere with how the feature works. It is better to turn off these app...
Post a Comment
Read more

Microsoft To Update Windows ‘Notepad App’ After Years, Teases New Features

E very week or the other, Microsoft releases a new build for the fast ring insiders. The latest Windows 10 Insider Preview Build 17713 bring a pack of surprises for Windows users. Redmond always listens to users, and this time, they have heard to Notepad users who were fed up with the uninteresting interface. Microsoft is giving its text editor Notepad new features after a very long time. Yes, the very same app that people use to write random text, create batch files and HTML pages, etc. Among the new Notepad features being added to Windows, you would be able to zoom into text by using the mouse wheel while holding down the Ctrl key. A long requested feature is coming for users; Microsoft is adding ctrl+backspace support to delete a previous word. Other than these, you will now have the ability to wrap around find and replace. Also, the status bar is now enabled by default in Notepad. There are few performance improvements for large...
Post a Comment
Read more

Chrome Web Browser Will Now Use 10% More RAM With Spectre Fix

A new security feature named ‘Site Isolation’ has been introduced for Google Chrome 67 which would nullify the effects of speculative execution side-channel attacks like Spectre. To put things to the perspective, Spectre is one of the two fundamental design flaws in the  modern processors, which allow programs to get access to the data for which it is not authorized. Malicious data can exploit this flaw to steal your password and other personal information. What is Site Isolation? The new Site Isolation feature introduced in Google Chrome 67 brings about a fundamental change to Chrome’s architecture. Now, Chrome has changed how its multi-process architecture worked and different tabs used different render processes. According to the new architecture, Chrome limits each renderer process to a single site. By this separation of processes, Google aims to prevent direct memory reading across different processes to safeguard users’ data. According to G...
Post a Comment
Read more