agsandrew - Fotolia
How does the Drammer attack exploit ARM-based mobile devices?
Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ARM processors.
Researchers have demonstrated a way for the Rowhammer exploit, found previously in PCs, to be used on mobile devices that are ARM-based. In fact, researchers say the exploit may be more effective on mobile devices. What is the issue with ARM, and how does it enable more effective Rowhammer attacks?
Hardware-based security vulnerabilities and attacks are not commonplace, but they do exist, and could provide access to an otherwise secure system.
Researchers from the Vrije Universiteit Amsterdam in the Netherlands and the University of California in Santa Barbara found that the Flip Feng Shui technique allows the Rowhammer hardware bug to be exploited by a deterministic Rowhammer, or Drammer, attack. Besides PCs and Android mobile devices using ARM processors, the deterministic Rowhammer attacks could extend to cloud services.
How the Drammer attack impacts ARM devices
The issue with ARM is similar to problems faced by other hardware platforms using vulnerable dynamic RAM, even though the ARM platform is significantly different than devices running on the x86 processor. The ARM CPU uses RISC CPU architecture, and is less complex than the complex instruction set computing CPU architecture that x86 uses. ARM relies more on external memory than x86, since x86 CPUs have memory included in the chip.
Researchers were unsure if the memory access would be fast enough on ARM to be vulnerable to Rowhammer-style bugs. The researchers investigated how to access memory in different ways on Android, running as root initially, and then eventually establishing a way to do it via a nonprivileged user. The researchers could use the Drammer attack to manipulate data stored in RAM on vulnerable devices.
The researchers were able to demonstrate an example of how a Drammer attack would work: after getting a targeted user to open a malicious URL, the attacker chains Drammer to the Statefright exploit to get remote code execution, and then to gain root privileges.
The researchers released a Drammer test tool to test if your mobile device is vulnerable, but did not release the exploit code. Google has released patches to provide some protection from the attack, but those do not completely stop it.
The Drammer attack is low-risk, given the complexity of the bug and limited vulnerable devices. However, it could be used in a targeted attack.
