Great Moto G Stylus deal on Amazon!

RAMpage attack could give hackers access to personal information stored in your Android phone

By
20comments
Android Google
RAMpage attack could give hackers access to personal information stored in your Android phone
An attack on Android phones that can change what is stored in the Random Access Memory (RAM) inside a handset, can ultimately lead a hacker to gain control of the device. This attack, called RAMpage for obvious reasons, can theoretically grab passwords stored in a password manager, emails, photos, and documents stored on the unit. It is the subject of a research paper released today from three universities in India, Amsterdam and UC Santa Barbara.

RAMpage is an attack based on the Rowhammer bug that takes advantage of the tightly packed circuitry inside a RAM chip. By electrically attacking one part of a RAM chip, memory cells leak and interfere with other memory cells. Keep in mind that this is not necessarily a flaw, but is a "side effect" of RAM. While some leakage between rows of memory cells is normal, and the RAM chip able to recover, a hacker who attacks the same row repeatedly can flip the bits inside the cells, which use a binary system. The flip, from "0" to "1" or from "1" to "0" will alter the data stored in RAM.

RAMpage can be unleashed on Android devices using LPDDR2, LPDDR3 and LPDDR4 RAM. That means that any Android phone produced in 2012 or later is vulnerable. This is obviously a complicated attack, and while Android devices are currently the target at the moment, eventually iOS devices could be in the crosshairs.

"The Rowhammer hardware bug at its core consists of the leakage of charge between adjacent memory cells on a densely packed DRAM chip. Thus, whenever the CPU reads or writes one row of bits in the DRAM module, the neighboring rows are ever so slightly affected. Normally, this does not create problems as DRAM periodically refreshes the charge in its cells, well in time to preserve data integrity. However, an attacker who deliberately hits the same rows many times within a refresh interval may cause the charge leakage to accumulate to the point that a bit flips in an adjacent row and modify memory that she does not own. Initially considered a curiosity of relatively minor importance, researchers have shown that attackers can harness Rowhammer to completely subvert a system’s security."-Research paper

Recommended Stories
According to the research paper, hardware fixes for RAMpage are not practical for a mobile device because of the power they require. The report also says that there is no current software fix available. Hopefully Google and Apple work out some sort of patch before hackers start employing this RAM side effect to their benefit.

source: dimva2018 (PDF)
https://m-cdn.phonearena.com/images/users/39-200/Alan-F.jpg
Alan Friedman Mobile Tech News Journalist
Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.

Recommended Stories

Loading Comments...

Popular stories

T-Mobile is now going to dictate where you can use its 5G internet
T-Mobile is now going to dictate where you can use its 5G internet
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
The speedy iPad Mini 2021 is even sweeter than usual after a lovely discount on Amazon
The speedy iPad Mini 2021 is even sweeter than usual after a lovely discount on Amazon
Apple Watch X render shows new magnetic band mechanism that could lead to longer battery life
Apple Watch X render shows new magnetic band mechanism that could lead to longer battery life
Text message from AT&T about a free device offer may look like a scam or spam but it is legitimate
Text message from AT&T about a free device offer may look like a scam or spam but it is legitimate

Latest News

T-Mobile confirms major 5G network upgrades in Louisiana
T-Mobile confirms major 5G network upgrades in Louisiana
Apple needs a $250 iPhone to boost sales but it doesn't want to make "stripped-down, lousy products"
Apple needs a $250 iPhone to boost sales but it doesn't want to make "stripped-down, lousy products"
Grab the smaller-sized Galaxy Watch 6 at bargain prices through Amazon's deal
Grab the smaller-sized Galaxy Watch 6 at bargain prices through Amazon's deal
Galaxy S21 and S22 owners facing green line issue will get free screen replacement in one country
Galaxy S21 and S22 owners facing green line issue will get free screen replacement in one country
AT&T's first kid-friendly tablet is here with a fun design and great price
AT&T's first kid-friendly tablet is here with a fun design and great price
LeBron James may have leaked Apple's next big Beats product
LeBron James may have leaked Apple's next big Beats product
FCC OKs Cingular\'s purchase of AT&T Wireless