I-C-T HELPLINE [E.A]
Welcome, register a free account- get notifications by subscribing on rss feeds

Search
 
 

Display results as :
 


Rechercher Advanced Search

Latest topics
» FILE SERVER FORUM & INFO
Sat May 13, 2017 2:39 am by Admin

» memory chips vulnerabilities targeted for root access
Thu Mar 30, 2017 3:29 am by Admin

» IPHONE PASSWORD RECOVERY
Wed Jan 18, 2017 2:14 am by Admin

» Tigo Tanzania launches 5th Annual Tigo Digital Changemakers Award
Sun Nov 13, 2016 1:29 am by Admin

» Extend the Windows 7 Trial from 30 to 120 Days.
Wed Oct 26, 2016 10:17 pm by Admin

» Etisalat Nigeria now offers subscribers 4G LTE network
Tue Oct 25, 2016 2:49 am by Admin

» Africa could soon run out of IP Addresses, warns Liquid Telecom
Thu Oct 20, 2016 8:00 am by Admin

» 32bit & 64bit explained
Tue Oct 18, 2016 12:02 am by Admin

» switching to Linux operating systems
Thu Oct 06, 2016 10:26 pm by Admin

Keywords

Who is online?
In total there is 1 user online :: 0 Registered, 0 Hidden and 1 Guest

None

[ View the whole list ]


Most users ever online was 13 on Thu Aug 24, 2017 3:33 am
RSS feeds


Yahoo! 
MSN 
AOL 
Netvibes 
Bloglines 


memory chips vulnerabilities targeted for root access

Thu Mar 30, 2017 3:29 am by Admin


Researchers have devised an attack that gains unfettered "root" access to a large number of Android phones, exploiting a relatively new type of bug that allows adversaries to manipulate data stored in memory chips.
The breakthrough has the potential to make millions of Android phones vulnerable, at least until a security fix is available, to a new form of attack that seizes control of core parts of the operating system and neuters key security defenses. Equally important, it demonstrates that the new class of exploit, dubbed Rowhammer, can have malicious and far-reaching effects on a much wider number of devices than was previously known, including those running ARM chips.
Previously, some experts believed Rowhammer attacks that altered specific pieces of security-sensitive data weren't reliable enough to pose a viable threat because exploits depended on chance hardware faults or advanced memory-management features that could be easily adapted to repel the attacks. But the new proof-of-concept attack developed by an international team of academic researchers is challenging those assumptions.
An app containing the researchers' rooting exploit requires no user permissions and doesn't rely on any vulnerability in Android to work. Instead, their attack exploits a hardware vulnerability, using a Rowhammer exploit that alters crucial bits of data in a way that completely roots name brand Android devices from LG, Motorola, Samsung, OnePlus, and possibly other manufacturers.
No quick fix
"Until recently, we never even thought about hardware bugs [and] software was never written to deal with them," one of the researchers, Victor van der Veen, wrote in an e-mail. "Now, we are using them to break your phone or tablet in a fully reliable way and without relying on any software vulnerability or esoteric feature. And there is no quick software update to patch the problem and go back to business as usual."
So far, "Drammer," as the researchers have dubbed their exploit, has successfully rooted the following handsets: the Nexus 4, Nexus 5, and G4 from LG; Moto G models from 2013 and 2014 made by Motorola; the Galaxy S4 and Galaxy S5 from Samsung; and the One from OnePlus. In some cases, the results aren't always consistent. For example, only 12 of the 15 Nexus 5 models were successfully rooted, while only one of two Galaxy S5 were compromised.
The researchers aren't certain why their results are inconsistent. They theorize that the age of a given device may play a role, since extended or intensive use may wear down cells inside the memory chips over time. Another possibility is that memory chips from some suppliers are more resilient to Rowhammer than others. (It's not uncommon for different generations of the same phone model to use different memory chips.) The researchers expect to soon publish an app that allows people to test their individual phone and anonymously include the results in a running tally that will help researchers better track the list of vulnerable devices. (Update 10/24/2016 6:10 California time: The app still hasn't gone live in Google Play.
The researchers privately reported their findings to Google engineers in July, and the company has designated the vulnerability as "critical," its highest severity rating. Google also awarded the researchers $4,000 under the company's bug bounty reward program. Google informed its manufacturing partners of the vulnerability earlier this month and plans to release an update in November, but the researchers warned it doesn't conclusively fix the underlying Rowhammer hardware bug. Instead, it only makes the vulnerability much harder to exploit by restricting an app's access to "physical contiguous kernel memory," as carried out by Drammer.
"I will have to check once the patch is out, but I expect that we could still find bit flips," van der Veen stated. "Exploiting them would be harder, but probably not impossible."
Google continues to work on a long term solution.

Comments: 0

Social bookmarking

Social bookmarking Digg  Social bookmarking Delicious  Social bookmarking Reddit  Social bookmarking Stumbleupon  Social bookmarking Slashdot  Social bookmarking Yahoo  Social bookmarking Google  Social bookmarking Blinklist  Social bookmarking Blogmarks  Social bookmarking Technorati  

Bookmark and share the address of I-C-T HELPLINE [E.A] on your social bookmarking website

Top posters
Admin
 

October 2017
MonTueWedThuFriSatSun
      1
2345678
9101112131415
16171819202122
23242526272829
3031     

Calendar Calendar

Most active topic starters
Admin
 

Shopmotion


Statistics
We have 3 registered users
The newest registered user is evelyn hassan

Our users have posted a total of 18 messages in 16 subjects