RAMpage attack could give hackers access to personal information stored in your Android phone

RAMpage attack could give hackers access to personal information stored in your Android phone
An attack on Android phones that can change what is stored in the Random Access Memory (RAM) inside a handset, can ultimately lead a hacker to gain control of the device. This attack, called RAMpage for obvious reasons, can theoretically grab passwords stored in a password manager, emails, photos, and documents stored on the unit. It is the subject of a research paper released today from three universities in India, Amsterdam and UC Santa Barbara.

RAMpage is an attack based on the Rowhammer bug that takes advantage of the tightly packed circuitry inside a RAM chip. By electrically attacking one part of a RAM chip, memory cells leak and interfere with other memory cells. Keep in mind that this is not necessarily a flaw, but is a "side effect" of RAM. While some leakage between rows of memory cells is normal, and the RAM chip able to recover, a hacker who attacks the same row repeatedly can flip the bits inside the cells, which use a binary system. The flip, from "0" to "1" or from "1" to "0" will alter the data stored in RAM.

RAMpage can be unleashed on Android devices using LPDDR2, LPDDR3 and LPDDR4 RAM. That means that any Android phone produced in 2012 or later is vulnerable. This is obviously a complicated attack, and while Android devices are currently the target at the moment, eventually iOS devices could be in the crosshairs.


According to the research paper, hardware fixes for RAMpage are not practical for a mobile device because of the power they require. The report also says that there is no current software fix available. Hopefully Google and Apple work out some sort of patch before hackers start employing this RAM side effect to their benefit.

source: dimva2018 (PDF)

FEATURED VIDEO

21 Comments

1. SamsungNewbie

Posts: 143; Member since: Jul 06, 2013

I’m sure these hackers are paid by a certain fruit company since they can’t compete fairly. Shame on you Apple, attacking consumers like this.

2. AngelicusMaximus

Posts: 582; Member since: Dec 20, 2017

^^^Delusional.

4. kiko007

Posts: 7383; Member since: Feb 17, 2016

I thought he was joking... then I saw the username.

6. AVVA1

Posts: 228; Member since: Aug 01, 2017

I'm starting to think this is hallyu or something

10. sissy246

Posts: 6844; Member since: Mar 04, 2015

LOL , I didn't need to see the name to know who it was. He must be about 13, at least I hope he is not older then that.

12. Subie

Posts: 2235; Member since: Aug 01, 2015

The account says: Member since July 2013. So, I'd say this person is most definitely older then 13. My guess is that this is just someone's trolling account...

13. SamsungNewbie

Posts: 143; Member since: Jul 06, 2013

How dare you insinuate that myx account is a troll

20. 47AlphaTango

Posts: 709; Member since: Sep 27, 2015

Because you are a troll! You blame somebody without any sufficient evidence to support your claim!

3. Trex95

Posts: 2314; Member since: Mar 03, 2013

Hahah.

5. RebelwithoutaClue

Posts: 5469; Member since: Apr 05, 2013

Damn you are a moron. If you have read the original research papers, the researchers say this will most probably work on iOS, MacOS, Windows and some Cloud servers too. Anything with LPDDR memory. And they can't compete fairly? Pretty sure Samsung is in no way any competition to them. How old are you kid? I hope for your sake, 12 at the most.

8. sissy246

Posts: 6844; Member since: Mar 04, 2015

Did you not read it. Stop being so dumb.

9. SamsungNewbie

Posts: 143; Member since: Jul 06, 2013

Apple’s gotta make it seem like they’re vulnerable too so people won’t suspect them but I know the truth. They’re behind almost every major hack of the modern age because they’re so money hungry and want to be on top. How else can such an overpriced company that’s so far behind in technology get as big as they are without malicious behavior.

15. RebelwithoutaClue

Posts: 5469; Member since: Apr 05, 2013

If you understand a bit about this 'bug', then you would know Samsung uses targeted row refresh on the higher end of their memory modules and they are less or not susceptible to this attack. All nicely written in the research sponsored by Apple. How can you be a member here since 2013 and only recently be on my radar for the most retarded comments on PA?

16. kiko007

Posts: 7383; Member since: Feb 17, 2016

He only became active recently; which lends credence to the alt-account theory someone posted above. It's either Hallyu, or an Apple troll pretending to be a Samsung enthusiast. Hallyu is the only fanboy here bats**t crazy enough to spout such nonsense unironically.

17. RebelwithoutaClue

Posts: 5469; Member since: Apr 05, 2013

The more I read from him, the more I believe it's someone trying to give Samsung fans a bad name. Some people have way too much time on their hands.

14. Leo_MC

Posts: 5924; Member since: Dec 02, 2011

Than you should thank Apple, because finding flaws allows phone makers to produce better devices.

19. 47AlphaTango

Posts: 709; Member since: Sep 27, 2015

And do you have any evidence that the fruit company is paying these hackers to attack android?

7. ray200976

Posts: 3; Member since: Feb 18, 2013

I agree the hackers probably, solo but samsung no competition to them apple. They hate samsung right now galaxy line has taken nice amount of market share since coming out. Not saying apple bad just they are 2 juggernauts in the game. They recently were always in court which is funny cause they business relationship as samsung provides all the screens basically and certain chips for iPhones. Lil weird So they are just doing there thing,hopefully not they settled and can make amazing future phones us.

18. AfterShock

Posts: 4146; Member since: Nov 02, 2012

So who tried Drammer, did anyone fail it? This is a seriously complicated attack to pull off. Edit, Drammer is the test attack tool from the researchers themselves, many that have tried it from Reddit, pass it or phone crashes, not so positive really.

21. xfire99

Posts: 1202; Member since: Mar 14, 2012

Never trust phonearena. "An average Android smartphone with 32GB memory capacity has 32 billion bits. Given this fact, it would be nearly impossible for an attacker to pinpoint a particular piece of information. It’s nothing but a game of chance." Good luck hackers to find any useful inforamtion they need.https://fossbytes.com/rampage-attack-android-rowhammer-bit-flipping/

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories