Nearly four years have passed since researchers began to experiment with a hacking technique known as "Rowhammer," which breaks practically every security model of a computer by manipulating the physical electric charge in memory chips to corrupt data in unexpected ways[1]. Since that attack exploits the most fundamental properties of computer hardware, no software patch can fully fix it. And now, for the first time, hackers have found a way to use Rowhammer against Android phones over the internet.
On Thursday, researchers in the VUSec research group at Vrije Universiteit in Amsterdam published a paper[2] that details a new form of the Rowhammer attack they call "GLitch." Like previous versions, it uses Rowhammer's trick of inducing electric leaks in memory to change ones to zeros and vice versa in the data stored there, so-called "bit flips." But the new technique can allow a hacker to run malicious code on some Android phones when the victim simply visits a carefully crafted web page, making it the first ever remote, smartphone-targeted implementation of the Rowhammer attack.
"We wanted to see if Android phones were remotely vulnerable to Rowhammer, and we knew the usual techniques wouldn't work," says Pietro Frigo, one of the researchers who worked on the paper. "By triggering bit flips in a very specific pattern we can actually get control over the browser. We managed to get remote code execution on a smartphone."
A Clever New Hammer
Rowhammer attacks work by exploiting not just the usual abstract flaws in software, but also the actual physics inherent in how computers function. When a processor accesses the rows of minuscule cells that carry electric charges to encode data in ones and zeros, some of that electric charge can very occasionally leak out to a neighboring row,