Rowhammer Vulnerability Comes to Android

[RV_]

If you are convinced to go to a malicious website by this it infects your Android or Windows device:

 

Excerpt:

 

"Researchers have published details of a new method for exploiting a problem with Android devices tied to a hardware flaw within DRAM memory modules that can allow attackers to get root-level access to target machines. The vulnerability, dubbed Drammer, could give an attacker root access to millions of Android handsets including Nexus, Samsung, LG and Motorola.

 

Researchers say they told Google’s Android Security team of the flaw on July 25. Google notified hardware partners of the flaw on Oct., 3. The Android Security team said it would issue a partial fix for the flaw (CVE-2016-6728) with its November security bulletin. However researchers point out, Google’s patch will make it much harder for an attacker to launch a Drammer attack, it does not eradicate it. “We hope to see a more sophisticated fix soon,” according to researchers.

 

Google has classified the vulnerability as “critical.”

 

In the researchers’ proof-of-concept attack, a malicious Drammer application was created that required no permissions, raising little suspicion by those installing the targeted app. Worse, researchers warn that the vulnerability becomes especially potent when combined with existing vulnerabilities such as Stagefright or BAndroid.

 

In a proof-of-concept attack implemented in collaboration with the University of California, Santa Barbara, researchers showed how Stagefright mitigation techniques can be bypassed via a Drammer attack."

 

The whole article with links to all the information is here: https://threatpost.com/rowhammer-vulnerability-comes-to-android/121480/