Hide your smartphones! A new(ish) attack is now targeting your fifth appendage…

Yesterday, a team of Dutch security researchers identified a “GLitch” in Rowhammer (Android users, this applies to you), that allows it to be exploited by using Javascript to hack the device via the phone’s web browser. Originally just a “what if”, the new research shows that repeatedly activating the memory cells can cause the phone’s electrical charges to fluctuate, which can alter the data stored in your DRAM. This exploit then allows the hacker to manipulate other software, including the OS itself.
This [hack] makes it possible for an attacker who controls a malicious website to get remote code execution on a smartphone without relying on any software bug.
- Vrije Universiteit Amsterdam
Both Mozilla and Google have recognized and addressed the Rowhammer issue, and Google identifies the threat as being largely theoretical, noting a fully working exploit that leverages the same technique has yet to be identified. According to researchers at Vrije Universiteit Amsterdam, the threat is indeed very real, and very capable of causing Mayhem (and not the fun kind that AllState covers). While the jury is still out on how worries we should be, the Dutch-led group is working with Google to find a fix, but also stresses the onus is on hardware vendors to develop a more permanent fix.
#Hacking #RowHammer #Android #Smartphone #Cybersecurity #VulnerabilityManagement #KnowYourRysk #ReduceYourRysk