Researchers have developed a technique dubbed 'GLitch', which uses the WebGL JavaScript graphics library, aided by a device's integrated GPU, to remotely compromise Android smartphone browsers.
The attack lowers the bar to pulling off so-called rowhammer attacks that flip bits in physical memory to ram through in-built security protections.
The researchers note that most defenses against rowhammer attacks have focused on protecting CPU cores, and show that GPUs that are integrated with CPUs -- common on mobile systems-on-chip -- are another attack avenue.
"We demonstrate the potential of such attacks by bypassing state-of-the-art browser defenses and presenting the first reliable GPU-based rowhammer attack that compromises a browser on a phone in under two minutes," the researchers from Vrije Universiteit in Amsterdam write in a new paper[1].
With this technique, an attacker could use malicious JavaScript hosted on a website to quickly compromise a smartphone without requiring malware.
A year after rowhammer attacks were first reported in 2014, researchers at Google Project Zero drew attention to vulnerabilities[2] affecting dozens of x86 laptops, using bit flips in DRAM to escalate privileges.
The rowhammer problem is the result of shrinking DRAM cells, which has made it harder to keep accesses to memory at one address from corrupting data stored at another.
The work demonstrated that repeated toggling of a DRAM row's wordline -- rowhammering -- "stresses inter-cell coupling effects that accelerate charge leakage from nearby rows", resulting in 'bit flips' where a cell's value changes from 1 to 0 or vice versa.
As noted by Carnegie Mellon University's CERT[3], the GLitch attack is comprised of two