A team of researchers has discovered a new way that lets attackers hit Android Apparatus remotely by Employing a four-year-old technique called Rowhammer.Rowhammer-Based 'GLitch' Exploit Emerges That Can Attack Android Devices via BrowsersCalled GLitch, the brand new tap uses GPU to gain access access on some Android tablets and may be executed only through a malicious website. It was in 2016 seen a Rowhammer-based exploit could root Android devices and leak their stored information. But that previous exploit demanded attackers to set up a malicious program on vulnerable hardware to acquire consumer information.
Researchers of VUSec Lab at Vrije Universiteit Amsterdam have elaborated that the GLitch exploit at a newspaper and claimed it takes about two minutes to assault a vulnerable Android device by pushing code from a JavaScript component available on a malicious website. The exploit especially uses regular JavaScript to undermine the device, instead of requiring any program installation or a special Web app. It basically accesses GPU via a Rowhammer-vulnerable DRAM to take over the machine. This is unlike the previous Rowhammer attacks that were majorly using CPU to exploit a system.

Thankfully, the reach of the GLitch exploit is not as broad as the Drammer that emerged in October 2016 to attack millions of Android devices using a malicious program. The new exploit works just Mozilla’s Firefox browser also may impact apparatus using Snapdragon 800 and Snapdragon 801 SoCs, that gets the Adreno 330 GPU. In addition, the researchers discovered their model powerful on older devices like the Nexus 5 that had been discontinued in the past.

In a statement to Ars Technica, Pietro Frigo, among the four researchers in Vrije University Amsterdam Systems and Network Security Group who wrote the paper, promised that on different browsers, attackers could call for different tactics to construct the exploit. “But, theoretically, you could exploit any target,” he added.

That having been said, Google in an official note to people at Ars Technica stated that the distant vector in Chrome was mitigated on March 13 and its team is working together with other browsers to execute similar protections. Mozilla, on the other hand, disabled the vulnerable EXT_DISJOINT_TIMER_QUERY in the March launch of Firefox 59 and can be set to modify the WebGL specifications in Firefox 60 that will be published on May 9 to make it harder for attackers to compromise devices through any Rowhammer-based exploits. Furthermore, Some anonymous Google researchers reportedly confirmed that newer Android mobiles come with DDR chips that have mitigations to protect the hardware from the GLitch exploit and prevent bits from flipping, which primarily gives space to Rowhammer attackers.

LEAVE A REPLY

Please enter your comment!
Please enter your name here