Where technology and gadgets come together and play

RAMpage Vulnerability Affects Every Android Device Since 2012

Another day another security vulnerability found in our precious tech gadgets.

Written By on in Android

609 words, estimated reading time 3 minutes.

A team of academics from three different universities and two private companies have just discovered a new vulnerability that affects almost every Android device since 2012. The vulnerability is known as RAMpage, and it could be used to gain complete control over the device.

Android ION is a subsystem which manages how memory is allocated, specifically between apps and the operating system. Google introduce this system in Android 4.0 Ice Cream Sandwich to consolidate the memory management system implemented by each system-on-a-chip. At the time, there were three major players: Qualcomm, TI OMAP, and Nvidia.

RAMpage attacks the ION subsystem, eliminating the barrier between apps and the operating system, and provides the attacker full control over all data and the device.

Android Bootloop Firmware Error Security Vulnerability
RAMpage Vulnerability Affects Every Android Device Since 2012

What Is RAMpage

RAMpage is a variation of the Rowhammer attack. Rowhammer is a hardware bug which occurs when an attacker sends multiple read/write requests to the same row of memory cells. These repeated requests create an electrical field that alters the data found in other nearby memory cells.

According to the researchers, "while apps are typically not permitted to read data from other apps, a malicious program can craft a RAMpage exploit to get administrative control and get hold of secrets stored in the device." And these secrets can include passwords, personal photos, and more.

While testing was only done on an LG G4, the research teams stated that every smartphone in the last six years is affected. The reason is that the vulnerability exists on LPDDR2, LPDDR3, and LPDDR4 RAM, the RAM used by all smartphones since 2012.

Does this affect Windows or Apple products?

Maybe. The researchers themselves aren't very clear on the issue but claim that RAMpage could affect iOS, macOS, Windows PCs, and even cloud servers. You can read their research paper in its entirety using this link (PDF).

What Can You Do?

As with most vulnerabilities, Android users have some options, but most of us will ultimately have to wait. Google's aware of the vulnerability (tracked as CVE-2018-9442), so expect a patch in the July monthly security update. Since this information is being released late in June, depending on when Google was made aware of this (often, research will let the company know first before making it public), the monthly patch may come later than usual or as a separate patch.

Unfortunately, with most OEMs having a terrible track record for monthly patches (with the exception of Pixels, Blackberries, the Essential PH-1, and devices in the Android One program), your device might remain vulnerable for some time. For those of us on older devices, I myself use an LG G4, there will be no patches or updates issued.

The researchers have released an app that can identify if your device is vulnerable to RAMpage. It isn't available on the Play Store, but you can download the APK using this link which you will have to sideload through SD card.

Google has recognized this flaw (CVE-2018-9442). Yet, they do not presently recognize it to be as important as the researchers believe it is. On June 29, Google issued the following statement regarding RAMpage:

We have worked closely with the team from Vrije Universiteit, and though this vulnerability isn't a practical concern for the overwhelming majority of users, we appreciate any effort to protect them and advance the field of security research. While we recognize the theoretical proof of concept from the researchers, we are not aware of any exploit against Android devices.

In general, be cautious of the apps you install on your device and the websites you visit. The attack can be executed via JavaScript code, graphics cards, and network packets, making both apps and websites potential targets to initiate this attack. And as soon as the monthly security update reaches your device, apply the patch. As for desktop and Apple users, expect a patch within a few days.

Last updated on: Friday 20th July 2018

 

Comments

There are no comments for this post. Be the first!

 

Leave a Reply

Your email address will not be published.





If you find something abusive or that does not comply with our terms or guidelines please flag it as inappropriate.

Copyright © 2001-2018 Tim Trott, all rights reserved. Web Design by Azulia Designs

This web page is licensed for your personal, private, non-commercial use only.

Disclaimer, Privacy & LegalSitemapContact Me