New RAMpage exploit revives Rowhammer attack to root Android devices
In late 2016, Google’s security team scrambled to fix a critical vulnerability that allowed attackers to gain unfettered root access to Android devices by using a relatively new class of exploit that manipulates data stored in memory chips. Now, 21 months later, many of the same researchers behind the attack, dubbed Drammer, are back to say that a large number of Android phones and tablets remain vulnerable to the rooting attacks because the patches Google deployed weren’t adequate. The original Rowhammer attack against PCs made it possible for an untrusted computer application to gain nearly unfettered system privileges or to bypass security sandboxes designed to keep malicious code from accessing sensitive operating system resources.
The researchers said Google engineers have yet to implement it because they “concluded that GuardION results in more ‘performance overhead’ on real-world apps than we report in our paper.” The researchers say they’re working with Google to find ways to reduce the performance costs GuardION has on real-world apps.