New Rowhammer attack can be used to hack Android devices remotely [source: helpnetsecurity]

Researchers from Vrije Universiteit in Amsterdam have demonstrated that it is possible to use a Rowhammer attack to remotely hack Android phones.

What is a Rowhammer attack?

“The Rowhammer attack targets the design of DRAM memory. On a system where the DRAM is insufficiently refreshed, targeted operations on a row of DRAM memory may be able to influence the memory values on neighboring rows,” the CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University succinctly explained.

The result of such an attack is that the value of one or more bits in physical memory (in this case GPU memory) is flipped, and may offer new access to the target system.

Successful Rowhammer attacks have been previously demonstrated against local machinesremote machines, and Linux virtual machines on cloud servers.

The GLitch attack

The researchers dubbed their attack “GLitch,” as it leverages WebGL, a JavaScript API for rendering interactive graphics in web browsers, to determine the physical memory layout of the DRAM memory before starting the targeted Rowhammer attack.

For more, click here.