Researchers of VUSec Lab at Vrije Universiteit Amsterdam have discovered a new way in which hackers can take control of millions of Android devices. In their demo, they showed how hackers could exploit data on smartphones through memory chips and other physical parts embedded inside, opening up a whole new world of vulnerabilities that wasn't thought of before. In theory, the type of attack - which exploits a new-found flaw in mobile memory - could be users on iPhones as well as other mobile devices.
The Drammer exploit is based on the Rowhammer class of attacks that target memory chips like DRAM, and has the potential to root millions of Android smartphones out there, including the ones that are running on ARM chips. This new exploit leverages a memory hardware vulnerability to surreptitiously root gain access using an app without any special permissions. The researchers claim that they have used the Drammer attack to root many LG, Motorola, Samsung, and OnePlus handsets.
Ars Technica reports that the researchers have been able to completely root Nexus 4, Nexus 5, LG G4; Moto G (2013), Moto G (2014), Samsung Galaxy S4, Samsung Galaxy S5, and the OnePlus One using the Drammer attack.
What is worse is that there is no quick fix for this exploit as well. Hardware bugs weren't even considered a possibility, and therefore no software fix was ever issued for them. "Until recently, we never even thought about hardware bugs [and] software was never written to deal with them. Now, we are using them to break your phone or tablet in a fully reliable way and without relying on any software vulnerability or esoteric feature. And there is no quick software update to patch the problem and go back to business as usual," one of the researchers, Victor van der Veen told the publication.
However, the report further notes that not all units of the above-mentioned smartphones were compromised. It largely depended on the age of the smartphone, and older the smartphone, the more vulnerable was it to the exploit - this is based on how the vulnerability works, by flipping bits on a memory module. The Rowhammer attack has been around for quite a while, but this is the first time it is seen risking smartphone data.
The researchers had even intimated Google about the vulnerability in July, for which they even received a $4,000 reward. Google is still working on a fix, and plans to release it in the November security bulletin.
Veen claims that the fix won't completely prevent hackers from exploiting, but expects it to make it very difficult. You cannot expect an OEM to stop bundling in random access memory chips and other crucial hardware components to prevent the Rowhammer exploit.