Researchers from Vrije Universiteit in Amsterdam have demonstrated that it is possible to use a Rowhammer attack to remotely hack Android phones.
The result of such an attack is that the value of one or more bits in physical memory (in this case GPU memory) is flipped, and may offer new access to the target system.
How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%
Successful Rowhammer attacks have been previously demonstrated against local machines, remote machines, and Linux virtual machines on cloud servers.
The researchers dubbed their attack “GLitch,” as it leverages WebGL, a JavaScript API for rendering interactive graphics in web browsers, to determine the physical memory layout of the DRAM memory before starting the targeted Rowhammer attack.
Vulnerable smartphones can be targeted by tricking users into visiting a website hosting a malicious JavaScript. A successful exploitation results in malicious code being run on the devices, but just within the privilege of the browser, meaning that a complete compromise of the device is not possible but password theft is.
Read more: HelpNet Security
