New Rowhammer Exploits use Hardware Vulnerabilities to Root LG, Samsung, and Motorola Devices
Google is constantly at war with hackers seeking to maliciously exploit security vulnerabilities in its products. Back in the middle of 2014, Google assembled a team of security analysts called ‘Project Zero’ to report zero-day exploits to the company so they can be patched before any nefarious third party can take advantage of the undisclosed security hole. One such vulnerability, dubbed ‘Rowhammer’, involves repeatedly accessing a row of memory to cause ‘bit-flips’ in adjacent rows of memory. This vulnerability occurs in some DRAM devices and can be used to gain read-write privileges to all of physical memory even from within a user-space process.
Researchers from Carnegie Mellon and Intel Labs disclosed this bit-flip exploit in certain DRAM devices manufactured in 2012-2013. At the time, however, the researchers believed that Rowhammer was not readily exploitable because it relied on “chance hardware faults” that were mostly repelled by adapting some advanced memory-management features. But in March of 2015, Google’s Project Zero discussed possible methods of exploiting this DRAM vulnerability to gain kernel privileges, although they were unsure to what extent this vulnerability could be used on other machines or operating systems. It now appears that various Android devices from LG, Samsung, and Motorola are exploitable via a new proof-of-concept attack named ‘Drammer’. The new attack demonstrates a reliable method of attaining root access from a user-space app without any permissions.
One of the security researchers responsible for the proof-of-concept, Victor van der Veen, states there isn’t a “quick software update” that can protect users from these types of attacks. While the attack is not completely consistent on all of the tested devices, the success rate of the exploit is still alarming. So far, the researchers have stated they were able to root the Nexus 4, Nexus 5, LG G4, 2013 Moto G, 2014 Moto G, Galaxy S4, Galaxy S5, and the OnePlus One. To give you an idea of the exploit’s consistency, the team states they were able to break into 12 out of 15 Nexus 5 smartphones that they tested. On the other hand, the team was able to successfully exploit only one out of two Samsung Galaxy S5 smartphones they could test.
The team disclosed the exploit to Google back in July of this year and was awarded $4,000 for its efforts. Since then, Google has been working on patching this critical vulnerability and informing Android OEMs on how to patch their devices. An update to patch this exploit is said to be included in the upcoming November security update. For those of you who have devices that will not be receiving the November security update, the researchers state that they will be publishing an application in the Play Store so you can test whether your device is vulnerable.
The team has even uploaded a video to YouTube to demonstrate the hack happening on a Nexus 5 running Android 6.0.1 with the latest October security patches.

Source: Ars Technica