New RAMpage exploit revives Rowhammer attack to root Android devices

In late 2016, Google’s security team scrambled to fix a critical vulnerability that allowed attackers to gain unfettered root access to Android devices by using a relatively new class of exploit that manipulates data stored in memory chips. Now, 21 months later, many of the same researchers behind the attack, dubbed Drammer, are back to say that a large number of Android phones and tablets remain vulnerable to the rooting attacks because the patches Google deployed weren’t adequate.

Both Drammer and the newly disclosed RAMpage attacks exploit Rowhammer, a class of exploit that alters data stored in memory chips by repeatedly accessing the internal rows where individual bits are stored. By “hammering” the rows thousands of times a second, the technique causes the bits to flip, meaning 0s are changed to 1s and vice versa.

The original Rowhammer attack against PCs made it possible for an untrusted computer application to gain nearly unfettered system privileges or to bypass security sandboxes designed to keep malicious code from accessing sensitive operating system resources. A later variation allowed JavaScript hosted on websites to effect the same security-sensitive bitflips.

The Android-based Drammer exploit demonstrated that Rowhammer attacks could have far-reaching effects on a much wider range of devices than was previously assumed, including those running ARM chips. The exploit opened the possibility that apps posing as legitimate wares could surreptitiously root devices and, in the process, neuter key security defenses built into Android that prevent one app from accessing passwords or other sensitive data belonging to the operating system or other apps that run on it.

In the months following the Drammer disclosure, Google mitigated the damage that malicious apps could do by making changes to Android’s ION memory manager, which restricted access to physical contiguous kernel memory.

Not good enough

“With RAMpage, we show that the deployed software patches are not good enough,” Victor van der Veen, a Vrije Universiteit Amsterdam professor who helped devise both Drammer and RAMpage exploits, wrote in an email. “Taking the disabled contiguous heap as an example again, we found that you can still obtain physically contiguous memory by playing with the allocator. By allocating and releasing memory chunks, we can ‘defragment’ physical memory, freeing up large holes. If we then allocate a large chunk, chances of getting contiguous memory increase, and we can confirm this by using existing side channels.”

In a blog post published last Wednesday, Van der Veen and his colleagues said that “every [Android-based] mobile device that is shipped with LPDDR2, LPDDR3, or LPDDR4 memory is potentially affected [by RAMpage], which is effectively every mobile phone since 2012.” In an email, he said that he and his colleagues have successfully achieved bit flips on Nexus 5 devices shipped with LPDDR3, a Nexus 4 with LPDDR2, and a Google Pixel 1 with LPDDR4, but they have not done it consistently.

“This is why we state that every mobile device with LPDDR2, LPDDR3, or LPDDR4 is potentially affected: we have seen flips on devices shipped with all these types of memory, but we have also seen devices without any bit flips,” van der Veen explained in the email. “An example is the Google Pixel: of the three devices that we bought, we could only flip bits on two of them.”

People who want to test if their device is vulnerable can download this test app. It requires default Android settings to be changed to allow “sideloading” from non-Google Play sources. The RAMpage bug has been indexed as CVE-2018-9442.