Tuesday, 22 May 2018

Android alert: This new form of rowhammer GPU attack can hijack your phone remotely


Researchers have developed a technique dubbed ‘GLitch’, which uses the WebGL JavaScript graphics library, aided by a device’s integrated GPU, to remotely compromise Android smartphone browsers.

The attack lowers the bar to pulling off so-called rowhammer attacks, which flip bits in physical memory to get around built-in security protections.

The researchers note that many defenses against rowhammer attacks have focused on protecting CPU cores, and show that GPUs that are integrated with CPUs — common on mobile systems on chips — are another attack avenue.

“We demonstrate the potential of such attacks by bypassing state-of-the-art browser defenses and presenting the first reliable GPU-based rowhammer attack that compromises a browser on a phone in under two minutes,” the researchers from Vrije Universiteit in Amsterdam write in a new paper.

With this technique, an attacker could use malicious JavaScript hosted on a website to quickly compromise a smartphone without requiring malware.

A year after rowhammer attacks were first reported in 2014, researchers at Google Project Zero drew attention to vulnerabilities affecting dozens of x86 laptops, using bit flips in DRAM to escalate privileges.

The rowhammer problem is a result of shrinking DRAM cells, which has made it harder to isolate memory at one address from corrupting data stored at another.

The work demonstrated that repeated toggling of a DRAM row’s wordline — rowhammering — “stresses inter-cell coupling effects that accelerate charge leakage from nearby rows”, resulting in ‘bit flips’ where a cell’s value changes from 1 to 0 or vice versa.

As noted by Carnegie Mellon University’s CERT, the GLitch attack is comprised of two parts: a side-channel to determine the layout of the physical memory address space; and a rowhammer attack that targets a pattern of DRAM memory.

The two attacks are then combined with the WebGL application programming interface (API), which is used for rendering web graphics in browsers. It also relies on browser support for precise WebGL timers, which enable a side-channel to leak memory addresses.

Meanwhile, the GPU allows for “fast double-sided DRAM access, enabling the rowhammer attack”.

The researchers showed that it was possible to use the technique to bypass the Firefox sandbox on Android.

“The precise timing capabilities provided by WebGL can allow an attacker to determine the difference between cached DRAM accesses and uncached DRAM accesses,” explained CERT researchers Will Dormann and Trent Novelly.

“This can allow an attacker to determine contiguous areas of physical DRAM memory. Knowledge of contiguous memory regions is used in a number of microarchitectural attacks, such as rowhammer.”

Precision timers have been disabled in Chrome and Firefox on Android to mitigate the attacks.
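Why removing precise timers blunts the cached-versus-uncached distinction CERT describes, shown as an added simulation (not code from the researchers, CERT or any browser). The latencies, jitter and timer resolutions are constructed values, and the model covers a single timed access with a simple threshold observer.

```javascript
// Added illustration: every latency and resolution below is a constructed value.
// Small deterministic PRNG so the simulation is repeatable.
function makeRng(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// A clock that only reports multiples of resolutionNs, like a coarsened timer.
function quantize(tNs, resolutionNs) {
  return Math.floor(tNs / resolutionNs) * resolutionNs;
}

// Time one access that really takes latencyNs, starting at a random
// phase relative to the timer tick, as seen through the coarse clock.
function measure(latencyNs, resolutionNs, rng) {
  const start = rng() * resolutionNs;
  return quantize(start + latencyNs, resolutionNs) - quantize(start, resolutionNs);
}

// Fraction of accesses labelled correctly by a midpoint-threshold observer.
function classificationAccuracy(resolutionNs, samples = 2000, seed = 1) {
  const rng = makeRng(seed);
  const CACHED_NS = 40, UNCACHED_NS = 120, JITTER_NS = 10; // constructed
  const threshold = (CACHED_NS + UNCACHED_NS) / 2;
  let correct = 0;
  for (let i = 0; i < samples; i++) {
    const uncached = i % 2 === 1; // alternate so both classes are equally common
    const base = uncached ? UNCACHED_NS : CACHED_NS;
    const trueLatency = base + (rng() - 0.5) * JITTER_NS;
    const observed = measure(trueLatency, resolutionNs, rng);
    if ((observed > threshold) === uncached) correct++;
  }
  return correct / samples;
}

// 1 ns: precise timer; 100 ns: partly coarsened; 1e6 ns (1 ms): heavily coarsened.
const report = [1, 100, 1e6].map((resolutionNs) => ({
  resolutionNs,
  accuracy: classificationAccuracy(resolutionNs),
}));
console.log(report);
```

With the precise clock the two access classes separate cleanly; at 1 ms resolution nearly every measurement reads zero and the observer does no better than guessing.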

