Malware, Threat Management, Vulnerability Management

Researchers gain root access to Android devices using Rowhammer attacks

An international team of researchers have developed an exploit to “root” access Android phones made by LG, Samsung and Motorola using Rowhammer hardware attacks.

The attacks allow threat actors to manipulate data stored in memory chips and relies on the predictable memory reuse patterns of standard physical memory allocators, according to the “Drammer: Deterministic Rowhammer Attacks on Mobile Platforms” research paper.

Researchers said the Rowhammer hardware bug can be used to craft powerful attacks and completely subvert a system by exploiting a hardware vulnerability that alters crucial bits of data in a way that completely roots the device.

The attacks have successfully been carried out on a Nexus 4, Nexus 5, LG G4, Motorola Moto G, Samsung Galaxy S4 and S5 and the OnePlus One, although in some cases the results weren't consistent, the report said.  

Victor van der Veen, one of the researchers who discovered the exploit, told ARS Technica that the there is no quick software update to patch the problem.

"Until recently, we never even thought about hardware bugs [and] software was never written to deal with them," van der Veen said. "Now, we are using them to break your phone or tablet in a fully reliable way and without relying on any software vulnerability or esoteric feature.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.