Home Hacking Challenges RAMpage – A Vulnerability Affecting Every Android Device Built Since 2012

RAMpage – A Vulnerability Affecting Every Android Device Built Since 2012

by Abeerah Hashim

We already know about the infamous Rowhammer vulnerability in DRAM (dynamic random access memory). Now, researchers have discovered another hardware vulnerability working similarly. The newly identified RAMpage vulnerability could allow hackers to take complete control of your smartphones. Posing a threat to all Android devices for the past six years.

RAMpage Vulnerability – A Rowhammer Variant

A team of eight researchers have discovered a hardware flaw that puts all Android devices at the risk of hacking. The team calls it RAMpage as it exploits memory pages in RAM. RAMpage primarily makes Android phones vulnerable to hacking attacks as it provides apps unauthorized access to the device.

Researchers have published a research paper in which they have explained about the flaw, and have proposed a solution too. The paper is available online in a separate link. one statement from it states:

“While apps are typically not permitted to read data from other apps, a malicious program can craft a rampage exploit to get administrative control and get hold of secrets stored in the device.”

This vulnerability could leak almost all of your personal data to hackers. This includes everything from saved passwords and emails to messages, business documents, and photos.

Though RAMpage mainly targets Android phones and tablets, the iOS-based gadgets do not remain significantly safe from this flaw.

The Threat Has Been Around Since 2012

The researchers clearly stated that the RAMpage has been around for the past six years. According to them, all android devices with vulnerable memory.

“More technically, every mobile device that is shipped with LPDDR2, LPDDR3, or LPDDR4 memory is potentially affected, which is effectively every mobile phone since 2012.”

Regretfully, no patch is yet available for RAMpage vulnerability. Moreover, one cannot precisely state desktops to be safe from it.

Google has recognized this flaw (CVE-2018-9442). Yet, they do not presently recognize it to be as important as the researchers believe it is.

“We’ve worked closely with the research team and thought this vulnerability isn’t a practical concern for the overwhelming majority of users.”

Google also claims that present Android devices are already safe from this flaw.

“While we recognize the theoretical proof of concept from the researchers, we also recognize that newer devices contain memory with Rowhammer specific protections (for example the researcher proof of concept for this issue does not work on any currently supported Google Android devices).”

You may also like