A Serious Vulnerability in Android has been Detected, Affecting All Devices from 2012

Android RAMpage
Written by Hassan Abbas

An international group of researchers discovered a vulnerability in Android-devices, called the RAMpage (CVE-2018-9442). According to them, the problem affects millions of gadgets released in 2012.

According to the research, the vulnerability is found in LPDDR3 memory modules, but theoretically, LPDDR2 and LPDDR4 can be found, that is, not only in smartphones but also in tablets, computers and even cloud services. Specialists managed to carry out an attack on the smartphone LG G4.

Android RAMpage

The RAMpage explorer uses a method to send repetitive read / write requests to the device’s memory modules. If this is done in a certain way, a malicious application can access the data stored in adjacent memory cells. In other words, any data stored in the memory of your smartphone (passwords, images, messages, emails and so on) can potentially be accessed using this vulnerability.

In fact, RAMpage is a variation of the previously discovered exploit of the Android operating system called Rowhammer, which acts about the same. However, unlike it, RAMpage uses an ION subsystem that manages the distribution of memory between different applications, starting with Android 4.0 Ice Cream Sandwich.

Also See: Google is Still Interested in the Cloud Gaming and Console on Android

Attacking the ION, RAMpage splits the boundary between applications and the operating system, allowing attackers to gain access to the entire system. The team of researchers has already released the GuardION tool to protect against potential attacks using the RAMpage vulnerability. In addition, a site has been created with a detailed description of the problem and the Drummer utility to check the Android device for the vulnerability.

Via: Androidcentral

For more stuff visit our site and discover what you want.

About the author

Hassan Abbas

Tech enthusiast with too many items on his wish-list and not nearly enough money! Specializing in all things tech, with a slight Apple bent he has been writing for various blogs for the best part of (too many) years

Leave a Comment