drammer attack | Breaking Cybersecurity News | The Hacker News

A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kind of present mitigations put in place to prevent DMA-based Rowhammer attacks against Android devices. Dubbed RAMpage , the new technique (CVE-2018-9442) could re-enable an unprivileged Android app running on the victim's device to take advantage from the previously disclosed Drammer attack , a variant of DRAM Rowhammer  hardware vulnerability for Android devices, in an attempt to gain root privileges on the target device. You might have already read a few articles about RAMpage on the Internet or even the research paper, but if you are still unable to understand— what the heck is RAMpage —we have briefed the research in language everyone can understand. Before jumping directly on the details of RAMpage, it is important for you to understand what is RowHammer vulnerability, how it can be exploited using Drammer attack to hack Android devices and what mitigations G

Earlier last year, security researchers from Google's Project Zero outlined a way to hijack the computers running Linux by abusing a design flaw in the memory and gaining higher kernel privileges on the system. Now, the same previously found designing weakness has been exploited to gain unfettered "root" access to millions of Android smartphones, allowing potentially anyone to take control of affected devices. Researchers in the VUSec Lab at Vrije Universiteit Amsterdam have discovered a vulnerability that targets a device's dynamic random access memory (DRAM) using an attack called Rowhammer . Although we are already aware of the Rowhammer attack , this is the very first time when researchers have successfully used this attack to target mobile devices. What is DRAM Rowhammer Attack? The Rowhammer attack against mobile devices is equally dangerous because it potentially puts all critical data on millions of Android phones at risk, at least until a secu

Wing Security finds and ranks all SaaS applications completely for free, removing unnecessary risk.