Are You Prepared for Another Rowhammer Attack?
It’s been nearly 4 years since our devices were left obliterated by the “Rowhammer” attack. Researchers and investigators are still trying to study more about the attack, to prevent it from happening again in the future. You may ask what is so special about this anyway that it is still being discussed? Well, unlike other attacks, this is capable of breaking every security protocol implemented.
By manipulating electric charge in memory bits and corrupts data in them. Since this one attacks on the most fundamental property of any system, no software is effective enough to patch it! Well, you might be wondering that this was found quite early, and what is all the hype about? Read further and know about the same!
Recently, Dutch researchers have found a way with which this can be used against Android phones as well. The VUSec research group at Vrije Universiteit in Amsterdam has published a paper regarding this new Android exploit. This version operates similarly like the previous one and uses ransomware tricks to initiate electric leaks in memory. Though it sounds extremely impossible, it has potential to initiate something disastrous. As we know that the data in memory is stored in form of zeros and ones, the electric leak thus introduced can initiate “bit flips” through continuous hammering of bits and this can eventually let hackers gain access to the memory bits in your system.
There Is Even More..
These attacks have a drastic effect because they aren’t just working on the usual software flaws, but also on the science which makes working on any system possible. If don’t know anything about bit flips, then you are at the best place to know about it! It’s basically starts when a processor tries to access the rows of the memory cells and carries electrical charges in order to encode. Many a time, the charges leak out to the neighboring memory cell and flip the bits. If the hacker is able to repeatedly hammer bits, it won’t be an uphill task to get deeper control of the hosts’ memory bits. Earlier, the researchers had found that this attack can work similarly on the Linux system as well. To get over the hurdle, the experts have conveyed that GPU should be used. Why? Because its cache can be easily controlled.
When the experts of google were asked about this, they replied that this kind of attack is highly theoretical and cannot take place in near future! We understand why they said it, possibly because most of the hacks on Android phones are because of malicious apps and not due to leaking charges or hammer bits! The company has also claimed that they have tested it and conveyed that new phones aren’t susceptible to it. On the flip side the researchers claim that they were able to flip bits even in Pixel phone. Google has tried to cover this up but it is not something that should be overlooked. So instead of getting offended, the companies should try and make things right!
Also Read: Can ISPs Be Trusted With Our Personal Data?
What Should The Companies Do?
In most cases, when there is something wrong and it may affect the reputation of company, then instead of accepting and taking responsibility for the same, they start covering it up. First thing that needs to be changed is that they should start taking responsibility for the same. Furthermore, software developers could make Rowhammer far harder to exploit.
Also, this points out that hardware manufacturers will now require keeping an eye on advancing attacks as well so that android exploit via Rowhammer does not become common. The reason behind this is that there are a lot of ways with which we can deal with software attacks. However, we are almost defenseless to the attacks on hardware making us even more vulnerable. Pietro Frigo, a researcher has said that “Every time someone proposes a new defense against Rowhammer, someone finds a way to break it, and once a phone is vulnerable to Rowhammer, it’s going to be vulnerable until you throw it away.”
As the high minds are already aware of this, they have started working on the projects that might bring security not only to our software but also to hardware. What are your views on this? Do let us know in the comments section below!