This issue has been resolved in Android 9.0 with the release of the May security patch. As a result, users of Android 8.0 and below are strongly encouraged to upgrade as soon as possible. In addition, because Android 8.0 contains a fix for this issue, it is no longer necessary to keep Android 8.0 at a minimum of the March security patch level; it is now safe to keep Android 8.0 at any patch level. In the past, out-of-bounds write issues such as this one could only be exploited if the user had an application that relied on a specific out-of-bounds write to function. With the introduction of the Rowhammer attack, these issues are now potentially exploitable with seemingly benign applications. As a result, users are advised to keep an eye on their installed applications for possible exploitation through out-of-bounds write issues.

What is an out of bounds write?

An out-of-bounds write is a security vulnerability in a computer system that could lead to the execution of arbitrary code. Out-of-bounds reads and writes are not normally allowed by the operating system's memory management policy, as they exceed the physical memory boundaries.
The technique was discovered by a team of researchers from Columbia University led by Professor Jann-Feng Liao, who found that everyday applications that rely on reading or writing data within user-specified ranges could be used to exploit speculative execution vulnerabilities such as this one.

What is an Out of Bounds Write?

Out-of-bounds writes occur when memory is allocated in an application that has been tampered with, and an out-of-range value is written to the memory. The out-of-range value can lead to unexpected behavior in the code. For example, if an out-of-bounds write to a given address is performed by a malicious app on a phone, the device could crash or even execute arbitrary code remotely. In most cases, this type of exploit would require physical access to a user's device in order to be attempted.

What is the Android Rowhammer Attack?

The Rowhammer attack is a security vulnerability that affects DDR3 DRAM chips. This vulnerability allows an attacker to access otherwise protected data by repeatedly accessing rows of memory near the target location until the error condition occurs. On most systems, this can be achieved by simply reloading the same application repeatedly, or by opening a specific number of applications in close proximity at the same time.

Android 8.0 Rowhammer attacks and how to protect yourself

This issue has been fixed in Android 9.0, but devices running Android 8.0 and below can still be exploited. The Rowhammer attack was discovered in the last month of 2017 and has been found to affect the entire ecosystem. In fact, the issue affects everything from mobile phones to servers that run Linux operating systems. Basically, anything with a CPU can be affected by this issue -- a computer, a cell phone or even a pacemaker.
The attack works by using the power of an app processor cache (the L1 cache) and applying voltage at certain points that can cause data corruption. When this happens it could result in sensitive information being exposed such as passwords, financial data, emails or even medical records.

Installing the Latest Android Security Updates

Android uses a simple process of downloading and installing updates to fix security issues. The current process for Android is as follows:
- First, the user must have automatic (OEM) or manual (ADB sideload) access to the device.
- Next, users must download and install the latest Android update on the device.
- After the installation, the system automatically detects any other outdated Android updates that might exist on a device and prompts to install them.
There is no reason why you cannot have both automatic and manual access. If you need to install an update manually, first make sure you have your phone connected to your computer with ADB sideloading enabled. Once connected, run "adb devices" in order to check if your phone is recognized by ADB sideloading. If so, then run "adb sideload
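
A check to run once an update is installed, added here as an example and not part of the original page: it parses the output of `adb shell getprop` and compares `ro.build.version.security_patch` with a required level. The sample output and the required date are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a device's Android security patch level from the
# text printed by `adb shell getprop`. Function names are hypothetical.

# Constructed sample of getprop output (not captured from a real device).
SAMPLE_GETPROP='[ro.build.version.release]: [8.0.0]
[ro.build.version.security_patch]: [2018-03-05]'
REQUIRED='2018-05-01'   # placeholder: take the real value from the bulletin

# Print the value of one property from lines like "[name]: [value]".
# Tolerates the trailing carriage return some adb versions emit.
get_prop() {  # usage: get_prop NAME < getprop-output
    awk -v key="[$1]:" '$1 == key {
        v = $2; gsub(/^\[|\]\r?$/, "", v); print v; exit }'
}

# Return 0 if the device meets REQUIRED, 1 if it is older, 2 if the
# property is missing or either date is not in YYYY-MM-DD form.
check_patch_level() {  # usage: check_patch_level REQUIRED < getprop-output
    required=$1
    level=$(get_prop ro.build.version.security_patch)
    for d in "$required" "$level"; do
        case $d in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
            *) echo "unknown: cannot parse patch level '$d'"; return 2 ;;
        esac
    done
    # ISO dates compare correctly as integers once the dashes are removed.
    if [ "$(echo "$level" | tr -d '-')" -ge "$(echo "$required" | tr -d '-')" ]; then
        echo "ok: device at $level, required $required"
    else
        echo "outdated: device at $level, required $required"
        return 1
    fi
}

# Offline demo on the constructed sample; on a real device use:
#   adb shell getprop | check_patch_level "$REQUIRED"
printf '%s\n' "$SAMPLE_GETPROP" | check_patch_level "$REQUIRED" || true
```

The non-zero return codes make the function usable in a fleet audit loop, where a result of 2 (property missing or malformed) deserves the same attention as an outdated device.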

Timeline

Published on: 09/14/2022 16:15:00 UTC
Last modified on: 09/16/2022 19:20:00 UTC
