Rooting is something most nerds swear by, as it gives them access to a plethora of features that are usually locked down by the OEM build. For instance, overclocking the CPU gives one more control over the phone's hardware and how far it can be pushed to extract maximum performance. Rooting phones is apparently not just a nerds' pastime, since it was recently unearthed that attackers can gain root access to a phone by making use of Rowhammer bit flips.
As most of us are aware, Android has had its fair share of malware attacks, from Stagefright to the more recent QuadRooter. Researchers say they have succeeded in designing a method by which an attacker could gain root on a large number of Android phones. By a large number, it is evident that at least millions of Android smartphones are at peril, and the worst part is that this exploit has no fix as of now. The attack takes core parts of the operating system and its key security components hostage and effectively neutralizes the built-in security defenses.
Enter Rowhammer, yes, this is what the exploit is dubbed. The exploit deserves its notoriety, as it can affect devices across various hardware configurations, including those running on ARM chips, unlike QuadRooter, which only affected devices running Qualcomm chipsets. The exploit is also said to be capable of completely rooting phones from manufacturers including LG, Motorola and OnePlus, and from most other manufacturers too.
Initially, researchers believed that the exploit depended on bit flips landing in some specific security-sensitive data and would therefore not pose a serious threat. However, the new proof of concept shattered that earlier perception. Now, most of us might argue that an Android app always needs permissions, so it is impossible to give it such access; well, that was not the case with the researchers' app, which was laden with the rooting exploit.
The app carrying the exploit gains root access on a staggering number of phones and eventually allows the attacker to gain complete control of the device. However, the researchers have yet to solve a puzzling concern: the compromise was not successful on all models of the same device, and this behavior is still unexplained. For instance, only 12 out of the 15 Nexus models could be successfully infiltrated.
On a related note, research into Rowhammer has been ongoing since 2015, and the researchers believe the exploit is carried out using advanced memory management features that are usually available on premium and high-end phones running on x86 or x64 architectures.
As we said earlier, an immediate fix or patch for this exploit seems unrealistic, and it appears that Google is working on a long-term fix. Researchers have already notified Google, and the exploit has been labeled critical, which by the way is the highest threat rating. Google has, in turn, brought this to the notice of its manufacturing partners and is expected to release a quasi-update this November. Again, the researchers stick to their claim that the fix will only make it harder to exploit the phones and will not ward off the threat completely.
Also, the researchers are readying an app that will let you know if your phone is vulnerable to the Rowhammer exploit. The video below shows how Android 6.0.1 with the usual Google security patches (October 5) was successfully attacked. Rowhammer starts writing new entries into the memory's page table and eventually gives away root access by opening a shell window.