New Rowhammer Attack Hijacks Android Smartphones Remotely

The proof of concept attack the researchers created to demonstrate their technique takes about two minutes, from a malicious site loading their javascript in the browser to running code on the victim’s phone. It can only run that code, however, within the privileges of the browser. That means it can potentially steal credentials or spy on browsing habits, but it can’t gain deeper access without a hacker exploiting other bugs in the phone’s software.

And most importantly, for now it targets only the Firefox browser, and phones that run the Snapdragon 800 and 801 systems-on-a-chip—Qualcomm mobile components that includes both CPU and GPU. That means they’ve only proven it to work on older Android phones like the LG Nexus 5, HTC One M8, or LG G2, the most recent of which was released four years ago.

Source: wired.com