Search
Keywords
Latest topics
Streaming Point - Live
Stream your favourite Local & International Channels Live NOW AVAILABLE >>visit streaming pointTop posting users this month
No user |
memory chips vulnerabilities targeted for root access
I-C-T HELPLINE [E.A] :: HOME :: ANDROID
Page 1 of 1 • Share
memory chips vulnerabilities targeted for root access
Researchers have devised an attack that gains unfettered "root" access to a large number of Android phones, exploiting a relatively new type of bug that allows adversaries to manipulate data stored in memory chips.
The breakthrough has the potential to make millions of Android phones vulnerable, at least until a security fix is available, to a new form of attack that seizes control of core parts of the operating system and neuters key security defenses. Equally important, it demonstrates that the new class of exploit, dubbed Rowhammer, can have malicious and far-reaching effects on a much wider number of devices than was previously known, including those running ARM chips.
Previously, some experts believed Rowhammer attacks that altered specific pieces of security-sensitive data weren't reliable enough to pose a viable threat because exploits depended on chance hardware faults or advanced memory-management features that could be easily adapted to repel the attacks. But the new proof-of-concept attack developed by an international team of academic researchers is challenging those assumptions.
An app containing the researchers' rooting exploit requires no user permissions and doesn't rely on any vulnerability in Android to work. Instead, their attack exploits a hardware vulnerability, using a Rowhammer exploit that alters crucial bits of data in a way that completely roots name brand Android devices from LG, Motorola, Samsung, OnePlus, and possibly other manufacturers.
No quick fix
"Until recently, we never even thought about hardware bugs [and] software was never written to deal with them," one of the researchers, Victor van der Veen, wrote in an e-mail. "Now, we are using them to break your phone or tablet in a fully reliable way and without relying on any software vulnerability or esoteric feature. And there is no quick software update to patch the problem and go back to business as usual."
So far, "Drammer," as the researchers have dubbed their exploit, has successfully rooted the following handsets: the Nexus 4, Nexus 5, and G4 from LG; Moto G models from 2013 and 2014 made by Motorola; the Galaxy S4 and Galaxy S5 from Samsung; and the One from OnePlus. In some cases, the results aren't always consistent. For example, only 12 of the 15 Nexus 5 models were successfully rooted, while only one of two Galaxy S5 were compromised.
The researchers aren't certain why their results are inconsistent. They theorize that the age of a given device may play a role, since extended or intensive use may wear down cells inside the memory chips over time. Another possibility is that memory chips from some suppliers are more resilient to Rowhammer than others. (It's not uncommon for different generations of the same phone model to use different memory chips.) The researchers expect to soon publish an app that allows people to test their individual phone and anonymously include the results in a running tally that will help researchers better track the list of vulnerable devices. (Update 10/24/2016 6:10 California time: The app still hasn't gone live in Google Play.
The researchers privately reported their findings to Google engineers in July, and the company has designated the vulnerability as "critical," its highest severity rating. Google also awarded the researchers $4,000 under the company's bug bounty reward program. Google informed its manufacturing partners of the vulnerability earlier this month and plans to release an update in November, but the researchers warned it doesn't conclusively fix the underlying Rowhammer hardware bug. Instead, it only makes the vulnerability much harder to exploit by restricting an app's access to "physical contiguous kernel memory," as carried out by Drammer.
"I will have to check once the patch is out, but I expect that we could still find bit flips," van der Veen stated. "Exploiting them would be harder, but probably not impossible."
Google continues to work on a long term solution.
I-C-T HELPLINE [E.A] :: HOME :: ANDROID
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
Tue Apr 28, 2020 10:30 am by Admin
» Konza Tech City Development Progress
Tue Aug 20, 2019 7:42 am by Admin
» \Transforming cities with technology | The Economist
Thu Jul 25, 2019 12:59 pm by Admin
» FaceApp goes viral with old-age filter, but spurs privacy concerns with Russian roots
Thu Jul 18, 2019 8:38 pm by Admin
» Hacking Windows Passwords in Minutes - SMB Brute Force Payload for Bash Bunny - Hak5 2518
Thu Jun 27, 2019 4:43 pm by Admin
» early 1990s to the present day pc-motherboards explained
Tue Jun 25, 2019 11:58 pm by Admin
» whatsapp banned users
Fri Jun 14, 2019 1:20 pm by Admin
» 21st Century Hackers - Documentary
Tue Jun 11, 2019 7:05 pm by Admin
» The mind behind Linux | Linus Torvalds
Mon Jun 10, 2019 7:30 pm by Admin
» 10 Things ONLY PS2 Owners Will Understand ~/ Game Reviews .
Sun Jun 09, 2019 3:55 pm by Admin
» US Supreme Court Allows iPhone Users to Sue Apple for App Store Monopoly.
Tue May 14, 2019 3:57 am by Admin
» How do Airplanes fly? #Insight
Fri Mar 15, 2019 11:50 am by Admin
» How does your mobile phone work? #documentary
Mon Mar 04, 2019 5:06 pm by Admin
» NEW VIRUS ALERT - facebook exploit Dubbed "free facebook"
Thu Feb 28, 2019 8:17 am by Admin
» Where Corporate Leaders Go Wrong Vusi Thembekwayo
Sun Feb 03, 2019 4:41 pm by Admin
» Finance Indaba CPD TV: Vusi Thembekwayo's essential 2017 keynote on change and transformation
Sun Feb 03, 2019 3:16 pm by Admin
» Vusi Thembekwayo delivers inspirational keynote to young African leaders
Sun Feb 03, 2019 12:40 pm by Admin
» Inside a Huge PCB Factory - in China
Fri Feb 01, 2019 10:43 am by Admin
» Did you know your mouse has a small camera?
Fri Feb 01, 2019 1:39 am by Admin
» Making multi Camera USB using old laptop webcams
Fri Feb 01, 2019 1:33 am by Admin
» Making an External Monitor from a Laptop Screen
Fri Feb 01, 2019 1:25 am by Admin
» Making simple electronic components
Fri Feb 01, 2019 1:21 am by Admin
» crafts & homemade inventions
Fri Feb 01, 2019 1:18 am by Admin
» 6 Amazing EXPERIMENTS with Magnets and other items
Fri Feb 01, 2019 1:15 am by Admin
» Simple Reverse Engineering on Windows
Fri Feb 01, 2019 1:12 am by Admin
» Laptop to desktop conversion
Fri Feb 01, 2019 1:05 am by Admin
» All About A Resistor
Fri Feb 01, 2019 1:01 am by Admin
» Electronic components & their functions -2
Fri Feb 01, 2019 12:59 am by Admin
» Electronic components & their functions
Fri Feb 01, 2019 12:58 am by Admin
» Birth of The Transistor: A video history of Japan's electronic industry. (Part 1)
Fri Feb 01, 2019 12:51 am by Admin
» Using transistor to make a blinking LED light
Fri Feb 01, 2019 12:46 am by Admin
» Making a circuit board from scratch
Fri Feb 01, 2019 12:33 am by Admin
» reverse the rotation of DC brushless PC-fan motor
Fri Feb 01, 2019 12:18 am by Admin
» Google investing half a billion euros in Eemshaven data centre expansion
Thu Jan 31, 2019 10:33 pm by Admin
» Infrastructure and Technology #integration
Thu Jan 31, 2019 12:51 pm by Admin
» Live - Stream \ non-stop technology news and conversation
Thu Jan 31, 2019 12:23 pm by Admin
» Online courses can improve education by 2030
Mon Jan 28, 2019 6:53 am by Admin
» The future of material science - UPDATE
Fri Dec 28, 2018 5:32 am by Admin
» Understanding Privacy in the "Information Age".
Thu Dec 13, 2018 2:33 am by Admin
» How game engines work?
Tue Oct 02, 2018 1:18 am by Admin
» NASA - live feed
Sun Sep 16, 2018 2:25 am by Admin
» KTN NEWS Livestream | KE
Sat Sep 15, 2018 8:29 am by Admin
» NTV Uganda - live streaming
Sat Sep 15, 2018 8:27 am by Admin
» Documentaries - live streaming [user +18]
Sat Sep 15, 2018 8:05 am by Admin
» Planets - Discovery & Space - live streaming OUR UNIVERSE
Sat Sep 15, 2018 8:02 am by Admin
» Sports - live streaming
Sat Sep 15, 2018 7:57 am by Admin
» NEWS - Local + International live|streaming
Sat Sep 15, 2018 7:44 am by Admin
» What NASA is planning in SPACE for 2019
Sat Sep 15, 2018 12:29 am by Admin
» Understanding The Internet -documentary
Thu Sep 13, 2018 3:44 am by Admin
» Impact of technology advancement on business models
Sat Sep 01, 2018 2:00 am by Admin