Android RAMpage vulnerability could wipe out smartphone memory

(Image from Pixabay)

A team of security researchers discovered a new vulnerability that would likely affect every Android phone — and even tablets — released after 2012. The vulnerability is dubbed as RAMpage because it targets the RAM (random-access memory) of devices.

When the RAMpage Android exploit attacks the device’s LPPDR (low-power double data rate), it could potentially erase all data in the memory including emails, messages, passwords, and photos. The vulnerability cannot only wipe out memory but could also be accessed and manipulated by hackers, according to Android Authority.

The exploit could persistently “send read/write requests to the memory modules of a device” and if it succeeds, “a malicious app could create an electrical field within the RAM that could alter data stored on nearby memory cells.”

The said vulnerability is still a proof of concept and there are no reported incidents yet.

The security researchers explained in a paper they published how there were able to exploit the LPDDR of an LG G4, which was released in South Korea on April 25, 2015.

Bring down the walls

According to Android Authority’s post, RAMpage is a variation of another exploit on the OS called Rowhammer and the behavior is almost the same. However, the report said RAMpage is specifically targeting a part of the OS introduced in Android Ice Cream Sandwich update called ION, which basically handles how much memory would go to various applications. The exploit has the power to bring down the walls and expose the phone’s overall system.

To protect smartphones from the potential attacks of RAMpage, which is, to reiterate, still a proof of concept, the security researchers released GuardION, which is posted on GitHub. To see if their Android phones are vulnerable to this exploit, users can sideload their device to Drammer, a website developed by the researchers.

Categories: News

Tagged as: , , ,

1 reply »