Updated June 29, 2018: Shortly after news broke on RAMpage, Google reached out to Android Central with the following statement: "We have worked closely with the team from Vrije Universiteit, and though this vulnerability isn't a practical concern for the overwhelming majority of users, we appreciate any effort to protect them and advance the field of security research. While we recognize the theoretical proof of concept from the researchers, we are not aware of any exploit against Android devices."
There's a new security vulnerability, boys and girls. It's called RAMpage and is the latest type of Rowhammer attack to hit the scene.
RAMpage was discovered by a group of eight academics across three different universities and the official research paper was published on June 28, 2018. It reads as follows:
RAMpage breaks the most fundamental isolation between user applications and the operating system. While apps are typically not permitted to read data from other apps, a malicious program can craft a RAMpage exploit to get administrative control and get hold of secrets stored in the device.
As for what kind of secrets RAMpage could access, the paper notes that "this might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents."
RAMpage targets the ION subsystem in Android which is a memory allocation driver that was first launched by Google alongside Android 4.0 Ice Cream Sandwich. However, even though Android's the focus of the attack right now, it's expected that RAMpage could also impact iOS devices, desktops, and more.
Because RAMpage targets ION, gadgets that use LPDDR2/3/4 RAM are all impacted. In other words, if your Android phone was released during or after 2012, it's vulnerable to the attack.
The research going into RAMpage is still quite new, but now that a spotlight is being placed on it, hopefully we'll see Google and other OEMs do their part to get devices patched up for users around the globe.
We may earn a commission for purchases using our links. Learn more.
Android AirDrop competitor Nearby Sharing gets shown off in hands-on video
Thanks to the guys over at XDA-Developers, we are getting a first look at Android's upcoming AirDrop competitor Nearby Sharing, formerly Fast Share.
YouTube moderators have to acknowledge growing risk of PTSD — or else
Accenture, the firm behind YouTube's moderation services, has been found forcing its contractors to sign a document acknowledging the potential for mental health decline. While pitched as voluntary, deferring contractors have been threatened with firing.
When will my phone get Android 10?
Android 10 is here! So, why isn't it on your phone yet? Here's a breakdown of which phones are confirmed to get the update and when you can look forward to it.
The best Honor phones available right now
Huawei's ongoing trade ban has affected its Honor sub-brand as well, with the manufacturer launching fewer devices than usual last year. That said, we got to see a few standout phones in the likes of the Honor 20