Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Android Phones Vulnerable to Remote Rowhammer Attack via GPU

A team of researchers has shown how malicious actors could leverage graphics processing units (GPUs) to launch Rowhammer attacks remotely against Android smartphones.

A team of researchers has shown how malicious actors could leverage graphics processing units (GPUs) to launch Rowhammer attacks remotely against Android smartphones.

Rowhammer attacks involve repeatedly accessing a row of memory and causing bit flips in adjacent rows. The issue has been known since at least 2012, but its security implications were first discussed only in 2014, and the first attack was demonstrated in 2015 when Google researchers showed that it could be exploited for privilege escalation.

Other experts later discovered that Rowhammer was remotely exploitable via JavaScript and even demonstrated attacks on mobile platforms, specifically for rooting Android phones. A new variation of the attack presented last year bypassed mitigations proposed up to that point.

Researchers from the VU University in Amsterdam have now shown that the GPU integrated in most mobile processors can also be abused for Rowhammer and other microarchitectural attacks.

Experts demonstrated that JavaScript-based attacks can be launched remotely against web browsers such as Firefox and Chrome on older LG Nexus 5, HTC One M8 and LG G2 smartphones running Android. These devices use the GPU integrated into the Snapdragon 800/801 mobile chips.

The researchers claim their technique, which they have dubbed GLitch, is an improvement to existing CPU attacks, and it can bypass “state-of-the-art” mitigations. Their experiments have shown that the GPU-based Rowhammer attack is reliable and it can be used to compromise a mobile browser in less than two minutes.

“In comparison, even on PCs, all previous Rowhammer attacks from JavaScript require non default configurations (such as reduced DRAM refresh rates or huge pages) and often take such a long time that some researchers have questioned their practicality,” the researchers said in their paper.

“Our GLitch exploit shows that browser-based Rowhammer attacks are entirely practical even on (more challenging) ARM platforms. One important implication is that it is not sufficient to limit protection to the kernel to deter practical attacks, as hypothesized in previous work,” they added.

Advertisement. Scroll to continue reading.

Ars Technica reported that Chrome 65 and Firefox 59 include mitigations for these types of attacks, and further protections will be rolled out by Google and Mozilla in the upcoming period.

The discovery of the GLitch method is important as it helps software and hardware vendors make their future products more secure, but these types of attacks require significant knowledge and resources and are unlikely to be seen in the wild any time soon.

Related: Intel Offers $250,000 for Side-Channel Exploits

Related: Intel CPUs Vulnerable to New ‘BranchScope’ Attack

Related: Intel, AMD Chip Vulnerabilities Put Billions of Devices at Risk

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.