Rowhammer-Based ‘GLitch’ Exploit Emerges That Can Attack Android Devices via Browsers

0
13

Called GLitch, the brand new tap uses GPU to gain access access on some Android tablets and can be executed simply through a malicious website. It had been in 2016 spotted that a Rowhammer-based harness could trigger Android devices and leak their saved information. But that preceding exploit demanded attackers to install a malicious app on hardware that is vulnerable to obtain consumer data. Rowhammer-Based 'GLitch' Exploit Emerges That Can Attack Android Devices via BrowsersResearchers of VUSec Lab at Vrije Universiteit Amsterdam have elaborated that the GLitch exploit at a paper and asserted it takes about two minutes to assault a vulnerable Android apparatus by pushing code by a JavaScript component on a malicious website. The exploit notably uses standard JavaScript to undermine the device, instead of requiring any program installation or a distinctive Web program. It essentially accesses GPU through a Rowhammer-vulnerable DRAM to take over the system.

Thankfully, the reach of the GLitch exploit is not as wide as the Drammer that emerged in October 2016 to assault countless Android devices using a malicious app. The brand new exploit works just Mozilla’s Firefox browser and may impact apparatus using Snapdragon 800 and Snapdragon 801 SoCs, that has got the Adreno 330 GPU. Moreover, the researchers discovered their version powerful on older devices such as the Nexus 5 which had been discontinued in the past.

In a statement to Ars Technica, Pietro Frigo, among the four researchers in Vrije University Amsterdam Systems and Network Security Group who authored the paper, promised that on various browsers, attackers could call for unique techniques to build the exploit. “But, theoretically, you can exploit any goal,” he added.

That having been said, Google in an official notice to folks at Ars Technica stated that the remote vector in Chrome has been mitigated on March 13 and its own staff is working together with other browsers to execute similar protections. What’s more, Some unidentified Google researchers allegedly confirmed that Android mobiles include DDR chips which have mitigations to protect the hardware in the GLitch exploit and prevent pieces from flipping, which primarily provides space to Rowhammer attackers.

LEAVE A REPLY

Please enter your comment!
Please enter your name here