I-C-T HELPLINE [E.A]
Welcome, register a free account- get notifications by subscribing on rss feeds
Search
 
 

Display results as :
 


Rechercher Advanced Search

Keywords

Latest topics
» FILE SERVER FORUM & INFO
Sat May 13, 2017 2:39 am by Admin

» memory chips vulnerabilities targeted for root access
Thu Mar 30, 2017 3:29 am by Admin

» IPHONE PASSWORD RECOVERY
Wed Jan 18, 2017 2:14 am by Admin

» Tigo Tanzania launches 5th Annual Tigo Digital Changemakers Award
Sun Nov 13, 2016 1:29 am by Admin

» Extend the Windows 7 Trial from 30 to 120 Days.
Wed Oct 26, 2016 10:17 pm by Admin

» Etisalat Nigeria now offers subscribers 4G LTE network
Tue Oct 25, 2016 2:49 am by Admin

» Africa could soon run out of IP Addresses, warns Liquid Telecom
Thu Oct 20, 2016 8:00 am by Admin

» 32bit & 64bit explained
Tue Oct 18, 2016 12:02 am by Admin

» switching to Linux operating systems
Thu Oct 06, 2016 10:26 pm by Admin

September 2017
MonTueWedThuFriSatSun
    123
45678910
11121314151617
18192021222324
252627282930 

Calendar Calendar

Top posting users this month

Poll

memory chips vulnerabilities targeted for root access

Post new topic   Reply to topic

View previous topic View next topic Go down

memory chips vulnerabilities targeted for root access

Post by Admin on Thu Mar 30, 2017 3:29 am


Researchers have devised an attack that gains unfettered "root" access to a large number of Android phones, exploiting a relatively new type of bug that allows adversaries to manipulate data stored in memory chips.
The breakthrough has the potential to make millions of Android phones vulnerable, at least until a security fix is available, to a new form of attack that seizes control of core parts of the operating system and neuters key security defenses. Equally important, it demonstrates that the new class of exploit, dubbed Rowhammer, can have malicious and far-reaching effects on a much wider number of devices than was previously known, including those running ARM chips.
Previously, some experts believed Rowhammer attacks that altered specific pieces of security-sensitive data weren't reliable enough to pose a viable threat because exploits depended on chance hardware faults or advanced memory-management features that could be easily adapted to repel the attacks. But the new proof-of-concept attack developed by an international team of academic researchers is challenging those assumptions.
An app containing the researchers' rooting exploit requires no user permissions and doesn't rely on any vulnerability in Android to work. Instead, their attack exploits a hardware vulnerability, using a Rowhammer exploit that alters crucial bits of data in a way that completely roots name brand Android devices from LG, Motorola, Samsung, OnePlus, and possibly other manufacturers.
No quick fix
"Until recently, we never even thought about hardware bugs [and] software was never written to deal with them," one of the researchers, Victor van der Veen, wrote in an e-mail. "Now, we are using them to break your phone or tablet in a fully reliable way and without relying on any software vulnerability or esoteric feature. And there is no quick software update to patch the problem and go back to business as usual."
So far, "Drammer," as the researchers have dubbed their exploit, has successfully rooted the following handsets: the Nexus 4, Nexus 5, and G4 from LG; Moto G models from 2013 and 2014 made by Motorola; the Galaxy S4 and Galaxy S5 from Samsung; and the One from OnePlus. In some cases, the results aren't always consistent. For example, only 12 of the 15 Nexus 5 models were successfully rooted, while only one of two Galaxy S5 were compromised.
The researchers aren't certain why their results are inconsistent. They theorize that the age of a given device may play a role, since extended or intensive use may wear down cells inside the memory chips over time. Another possibility is that memory chips from some suppliers are more resilient to Rowhammer than others. (It's not uncommon for different generations of the same phone model to use different memory chips.) The researchers expect to soon publish an app that allows people to test their individual phone and anonymously include the results in a running tally that will help researchers better track the list of vulnerable devices. (Update 10/24/2016 6:10 California time: The app still hasn't gone live in Google Play.
The researchers privately reported their findings to Google engineers in July, and the company has designated the vulnerability as "critical," its highest severity rating. Google also awarded the researchers $4,000 under the company's bug bounty reward program. Google informed its manufacturing partners of the vulnerability earlier this month and plans to release an update in November, but the researchers warned it doesn't conclusively fix the underlying Rowhammer hardware bug. Instead, it only makes the vulnerability much harder to exploit by restricting an app's access to "physical contiguous kernel memory," as carried out by Drammer.
"I will have to check once the patch is out, but I expect that we could still find bit flips," van der Veen stated. "Exploiting them would be harder, but probably not impossible."
Google continues to work on a long term solution.

Admin
Admin

Posts : 27
rate this site : 721
Reputation : 0
Join date : 2015-12-18

View user profile http://techstuff.dahek.net

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

Post new topic   Reply to topic
 
Permissions in this forum:
You can reply to topics in this forum