A problem in a memory chip common to Android devices is giving root access to devices and raising issues for Android app security testing. The flaw, known as Rowhammer, is due to the hardware with no need for user interaction or exploitation of existing software issues. It lets hackers exploit the vulnerability through a malicious app and allows them to change memory, something that is otherwise inaccessible. Users with risky Android app security behaviours may install a malicious app that does not require any permissions.
Out of 15 attacks on Google Nexus 5 handsets, 12 attacks were successful; whereas one out of two attacks on a Samsung Galaxy S5 device was successful. Tests on Galaxy S4 and S6, Moto G models and LG G4 also showed inconsistent results. These attacks are inconsistent.
An exploit known as Drammer is able to root Android devices with the help of a completely unauthorized app. This technique proves that hardware based attacks are possible, giving attackers a way to take control of your phone or mobile device even with Android app security in place.
Professor Herbert Bos and his team of researchers discovered the exploit, with a practical demonstration at a security conference in Vienna, Austria. According to him, the demo will show that it’s possible for admin privileges to be taken from an unprivileged app without looking for a software bug. Although Google tried fixing the problem, it couldn’t be done as the vulnerability lies in the hardware and is not an OS level Android app security issue.
Bos and his team have developed “Hammertime”, a Rowhammer simulator, available on Github. The team showed how the attack might work on ARM-based microprocessors since the required “bit-flips” that make the Drammer successful may be reduced on ARM-based memory controller.
This hardware vulnerability undermines Google as it tries to change the narrative around Android app security and bring a focus to the Google Pixel as bridging the gap for device security with the iPhone.
Codified Security is here to help make your mobile app secure whether it’s for iOS, Android app security testing, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.