A group of researchers has observed a new manner that lets attackers hit Android devices remotely by leveraging a 4-year-vintage method referred to as Rowhammer. Called GLitch, the fresh make the most uses GPU to gain backdoor get entry to on a few Android smartphones and can be carried out sincerely via a malicious internet site. It changed into in 2016 noticed that a Rowhammer-based totally take advantage of ought to root Android devices and leak their stored information. However, that preceding exploit required attackers to put in a malicious app on prone hardware to obtain consumer records.
Thankfully, the scope of the GLitch make the most isn’t as huge as the Drummer that emerged in October 2016 to assault hundreds of thousands of Android devices using a malicious app. The new make the most works simplest Mozilla’s Firefox browser and might effect devices the usage of Snapdragon 800 and Snapdragon 801 SoCs, which has the Adreno 330 GPU. Moreover, the researchers located their version a hit on older gadgets consisting of the Nexus 5 that had been discontinued in the beyond.
In an announcement to Ars Technica, Pietro Frigo, one of the four researchers in Vrije University Amsterdam Systems and Network Security Group who authored the paper, confident that on different browsers, attackers should require different strategies to build the take advantage of. “But, theoretically, you may make the most any target,” he brought.
That being stated, Google in a respectable observe to folks at Ars Technica said that the far-flung vector in Chrome has been mitigated on March thirteen and its crew is operating with other browsers to implement comparable protections. Mozilla, alternatively, disabled the inclined EXT_DISJOINT_TIMER_QUERY inside the March release of Firefox fifty-nine and is ready to alternate the WebGL specifications in Firefox 60 so as to be launched on May 9 to make it more difficult for attackers to compromise gadgets thru any Rowhammer-based exploits. Furthermore, Some nameless Google researchers reportedly showed that newer Android telephones come with DDR chips which have mitigations to shield the hardware from the GLitch take advantage of and prevent bits from flipping, which broadly speaking gives area to Rowhammer attackers.