A team of scientists from three different universities and two private companies has just discovered a new vulnerability that affects almost every Android device released since 2012. The vulnerability is called RAMpage and could be used to take full control of the device.
Android ION is a subsystem that manages how memory is allocated, especially between apps and the operating system. Google introduced this system in Android 4.0 Ice Cream Sandwich to consolidate the memory management systems implemented by each system-on-a-chip vendor. At that time there were three main players: Qualcomm, TI OMAP and Nvidia.
RAMpage attacks the ION subsystem, breaks down the barrier between apps and the operating system, and gives the attacker full control over all data and the device. Fortunately, the researchers released an open-source tool called GuardION that specifically protects against RAMpage attacks on ION. I'll explain more about GuardION below, but first let's go over RAMpage.
What is RAMpage?
RAMpage is a variation of the Rowhammer attack. Rowhammer is a hardware flaw that is triggered when an attacker sends multiple read/write requests to the same row of memory cells. These repeated requests generate an electric field that alters the data in other nearby memory cells.
The first Rowhammer attack was called DRammer and affected Android devices (both rooted and unrooted). However, the team of scientists learned that this attack could be even more devastating. While DRammer does not attack the ION subsystem, RAMpage may provide unprecedented access to your Android device and its data.
According to the researchers, "While apps are generally not allowed to read data from other apps, a malicious program can create a RAMpage exploit to gain administrative control and secrets stored on the device." And these secrets can include passwords, personal photos, and more.
While testing was only performed on an LG G4, the research teams stated that every smartphone released in the last six years is affected. The reason is that the vulnerability exists in LPDDR2, LPDDR3 and LPDDR4 RAM, the RAM used since 2012 by all smartphones. Therefore, they also believe that Apple devices (such as iPhones and iPads), desktops (such as Windows and macOS PCs) and cloud servers can be affected. The full research is available as a PDF.
What can you do?
As with most vulnerabilities, there are some options for Android users, but most of us will ultimately have to wait. Google is aware of this vulnerability (CVE-2018-9442). Therefore, expect a patch in the monthly security update for July. Because this information was released at the end of June, the timing depends on when it was brought to Google's attention (researchers often let the company know first, before publishing). The monthly patch might appear later than usual or as a separate patch.
Unfortunately, most OEMs are unable to reliably deliver monthly patches (except for Pixels, BlackBerrys, the Essential PH-1, and Android One devices), so your device may remain vulnerable for some time.
The researchers have released an app that can detect if your device is vulnerable to RAMpage. It is not available in the Play Store, but you can download the APK via .
Finally, there is GuardION, a tool that protects the ION system from RAMpage attacks. You can patch your device with GuardION, but that's not an easy task. The instructions are advanced and have only been tested on a Pixel running Android 7.1.1 Nougat with a specific kernel. Therefore, it is likely that other devices running different versions of Android are not compatible with GuardION.