A group of security researchers from the University of Amsterdam, UC Santa Barbara, Amrita University, TU Wien, EURECOM, and IBM has discovered a critical vulnerability in every Android smartphone since 2012. Dubbed RAMpage by researchers, the vulnerability (CVE-2018-9442) is a variant of the previously known Rowhammer attack.
How does RAMpage work
The RAMpage vulnerability exists in memory cards due to a hardware bug. Once it is exploited, attackers can gain complete administrative control of the target Android device, whether a smartphone or a tablet. They can then steal sensitive content, including passwords stored in the browser, personal photos, documents, instant messages, and emails.
According to a research paper published by security experts, RAMpage targets Android’s ION subsystem, which controls memory allocation on the device. The attack rams memory pages to obtain arbitrary read and write access, allowing attackers to leak the contents of adjacent memory rows that under normal circumstances would be impossible to access directly.
“RAMpage breaks the most fundamental isolation between user applications and the operating system,” researchers noted. “If your device is shipped with vulnerable memory and runs with an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking it.”
How to secure your device from RAMpage attack
According to the researchers, they contacted Google with their findings. Google acknowledged the issue but claimed that “it isn’t a practical concern for the overwhelming majority of users.”
“While we recognize the theoretical proof of concept from the researchers, we also recognize that newer devices contain memory with Rowhammer specific protections (for example the researcher proof of concept for this issue does not work on any currently supported Google Android devices),” Google told researchers.
However, the researchers have come up with their own solution, called “Guardion”, which aims to mitigate the RAMpage attack.
“Guardion defends against rampage attacks. It prevents an attacker from modifying critical data structures by carefully enforcing a novel isolation policy,” researchers said. “Guardion won the best research award at the International Conference on Computing Systems (CompSys 2018).”