Stefan Mileschin

Rampage is an evolution of Rowhammer

Almost all Android devices released since 2012 are vulnerable to RAMpage bug, an international team of academics has revealed.

The report said that the vulnerability, tracked as CVE-2018-9442, is a variation of the Rowhammer attack. Rowhammer is a hardware bug in modern memory cards.

Rampage exploits a critical vulnerability in modern phones that allows apps to gain unauthorized access to the device. While apps are typically not permitted to read data from other apps, a malicious program can craft a RAMpage exploit to get administrative control and get hold of secrets stored in the device. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

A few years ago researchers discovered that when someone would send repeated write/read requests to the same row of memory cells, the write/read operations would create an electrical field that would alter data stored on nearby memory. In the following years, researchers discovered that Rowhammer-like attacks affected personal computers, virtual machines, and Android devices. Through further researcher, they also found they could execute Rowhammer attacks via JavaScript code, GPU cards, and network packets.

While the Tame Apple Press is celebrating they are not telling you is that RAMpage may also affect Apple devices, home computers, or even cloud servers.

Researchers say they've updated a previous app they used in the past to detected Drammer to also identify if a device is vulnerable to RAMpage.

https://fudzilla.com/news/46643-andr...by-rampage-bug