New RAMpage attack affects almost all Android devices since 2012
According to a BleepingComputer report, almost all Android devices released since 2012 may be affected by a new vulnerability called RAMpage, tracked as CVE-2018-9442. It is a variant of the Rowhammer attack that was disclosed several years ago. RAMpage is a set of DMA-based Rowhammer attacks against the latest Android systems, comprising a root exploit and a series of application exploit scenarios that bypass all defensive measures.
In a research paper published today, the researchers said: “RAMpage breaks the most fundamental isolation between user applications and the operating system. While apps are typically not permitted to read data from other apps, a malicious program can craft a RAMpage exploit to get administrative control and get hold of secrets stored in the device. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.”
The previously disclosed Rowhammer attack exploits a weakness in DRAM physical memory hardware to induce bit flips. Because it relies on a hardware weakness rather than a flaw in Android, it allows an unprivileged application to obtain root privileges on the device, it affects a large number of Android devices, and it is very difficult to fix.
“Android-based devices may be affected by rampage. More technically, every mobile device that is shipped with LPDDR2, LPDDR3, or LPDDR4 memory is potentially affected, which is effectively every mobile phone since 2012. We successfully tested rampage on an LG G4. At the moment, it is unclear whether desktop operating systems are also affected, but this seems very likely.”