Rowhammer-Based ‘GLitch’ Exploit Emerges That Can Attack Android Devices via Browsers

Rowhammer-Based 'GLitch' Exploit Emerges That Can Attack Android Devices via BrowsersCalled GLitch, the brand new tap uses GPU to get access access on some Android tablets and may be executed only via a malicious site. It had been in 2016 seen a Rowhammer-based harness could trigger Android apparatus and flow their saved information. But that preceding exploit demanded attackers to set up a malicious program on hardware that is vulnerable to acquire consumer information.
Researchers of VUSec Lab in Vrije Universiteit Amsterdam have elaborated that the GLitch exploit at a newspaper and asserted it takes roughly two minutes to assault a vulnerable Android apparatus by pushing code by a JavaScript component on a malicious website. The exploit especially uses regular JavaScript to undermine the device, rather than requiring any program installation or a distinctive Web app. It basically accesses GPU via a Rowhammer-vulnerable DRAM to take over the machine.

Luckily, the reach of the GLitch exploit is not as broad as the Drammer that emerged in October 2016 to assault countless Android apparatus employing a malicious program. The brand new exploit works just Mozilla’s Firefox browser also may impact apparatus utilizing Snapdragon 800 and Snapdragon 801 SoCs, that gets got the Adreno 330 GPU. In addition, the researchers discovered their version powerful on older devices like the Nexus 5 which was discontinued before.

In an announcement to Ars Technica, Pietro Frigo, among the four researchers at Vrije University Amsterdam Systems and Network Security Group who wrote the newspaper, promised that on various browsers, attackers could call for unique tactics to construct the exploit. “However, theoretically, you can exploit any goal,” he added.

That having been said, Google within an official notice to people at Ars Technica said that the distant vector in Chrome was mitigated on March 13 and its own staff is working together with different browsers to execute similar protections. What’s more, Some unidentified Google researchers allegedly confirmed that Android mobiles include DDR chips which have mitigations to protect the hardware in the GLitch exploit and stop pieces from reversing, which primarily provides distance to Rowhammer attackers.

Share this post