Feedback Friday: Industry Experts Comment on Hive Ransomware Takedown

Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Android Phones Vulnerable to Remote Rowhammer Attack via GPU

A team of researchers has shown how malicious actors could leverage graphics processing units (GPUs) to launch Rowhammer attacks remotely against Android smartphones.

A team of researchers has shown how malicious actors could leverage graphics processing units (GPUs) to launch Rowhammer attacks remotely against Android smartphones.

Rowhammer attacks involve repeatedly accessing a row of memory and causing bit flips in adjacent rows. The issue has been known since at least 2012, but its security implications were first discussed only in 2014, and the first attack was demonstrated in 2015 when Google researchers showed that it could be exploited for privilege escalation.

Other experts later discovered that Rowhammer was remotely exploitable via JavaScript and even demonstrated attacks on mobile platforms, specifically for rooting Android phones. A new variation of the attack presented last year bypassed mitigations proposed up to that point.

Researchers from the VU University in Amsterdam have now shown that the GPU integrated in most mobile processors can also be abused for Rowhammer and other microarchitectural attacks.

Experts demonstrated that JavaScript-based attacks can be launched remotely against web browsers such as Firefox and Chrome on older LG Nexus 5, HTC One M8 and LG G2 smartphones running Android. These devices use the GPU integrated into the Snapdragon 800/801 mobile chips.

The researchers claim their technique, which they have dubbed GLitch, is an improvement to existing CPU attacks, and it can bypass “state-of-the-art” mitigations. Their experiments have shown that the GPU-based Rowhammer attack is reliable and it can be used to compromise a mobile browser in less than two minutes.

“In comparison, even on PCs, all previous Rowhammer attacks from JavaScript require non default configurations (such as reduced DRAM refresh rates or huge pages) and often take such a long time that some researchers have questioned their practicality,” the researchers said in their paper.

“Our GLitch exploit shows that browser-based Rowhammer attacks are entirely practical even on (more challenging) ARM platforms. One important implication is that it is not sufficient to limit protection to the kernel to deter practical attacks, as hypothesized in previous work,” they added.

Ars Technica reported that Chrome 65 and Firefox 59 include mitigations for these types of attacks, and further protections will be rolled out by Google and Mozilla in the upcoming period.

The discovery of the GLitch method is important as it helps software and hardware vendors make their future products more secure, but these types of attacks require significant knowledge and resources and are unlikely to be seen in the wild any time soon.

Related: Intel Offers $250,000 for Side-Channel Exploits

Related: Intel CPUs Vulnerable to New ‘BranchScope’ Attack

Related: Intel, AMD Chip Vulnerabilities Put Billions of Devices at Risk

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.