What gadgets store our personal details, keep us in touch with friends and co-workers, provide access to our financial accounts, and even secure our homes? You guessed it right – our smartphones!
Our smartphones have evolved to become the digital portals to our entire lives, and due to this larger role, cybercriminals are targeting them more than ever.
It’s scary to think that the hacker’s toolkit constantly evolves. Techniques and vulnerabilities are discovered seemingly every day. It’s a cat-and-mouse game as both white hat (the good guys) and black hat (the bad guys) hackers constantly poke holes in popular systems while software makers try their best to keep up.
Read on and I’ll tell you about this newly discovered technique that can put your smartphone in danger.
Security researchers at the Vrije Universiteit in Amsterdam have discovered a new attack technique called “GLitch.”
With it, a hacker can potentially take over your smartphone by simply having you visit a booby-trapped website!
What is Row Hammering?
Without getting too technical, row hammering is an attack technique that exploits the way modern RAM works (particularly DRAM, the dynamic type of RAM). The technique was publicly revealed by Google’s Project Zero team back in 2015.
Due to the ever-shrinking physical size of RAM cells (to accommodate larger capacities on the same surface area), preventing electrical charge from leaking from one cell to another is getting trickier.
With tighter RAM silicon grids, it was discovered that an attacker can repeatedly target a specific memory cell (hence the name “row-hammer”) to corrupt nearby cells and “bit flip” their values from 1 to 0 and vice versa.
Fortunately, since row hammering is considered a serious threat, mitigations are already in place in most operating systems (OS) and modern web browsers.
What makes the GLitch attack different?
So far, all the security fixes for row hammering involve the way a device’s processor and RAM work together.
But as the Vrije Universiteit researchers discovered, since modern gadgets commonly have their graphics chips (GPUs) integrated with the CPUs as well, attackers can bypass browser defenses and use row hammering attacks directly on the GPU.
This is especially true of mobile gadgets, where internal component space is at a premium.
According to the researchers, by exploiting a web browser’s JavaScript WebGL interface (the “GL” in GLitch comes from WebGL), hackers can potentially row-hammer an Android smartphone’s GPU.
This browser exploit allows them to take over the gadget without the need for malware installs or rooting. GLitch can also successfully compromise a gadget in less than 2 minutes. Yikes!
How about the memory cache, you might ask? Shouldn’t that protect you from row-hammer type attacks? It turns out, the GPU caching algorithm in some Android chipsets is easy to predict.
By attacking the GPU memory in a specific pattern, the researchers found that they can clog the cache so it will no longer provide protection.
How to protect yourself from GLitch
The GLitch technique reportedly works on both the Chrome and Firefox browsers on Android. Thankfully, fixes are already underway for the browser functions that make row-hammer attacks on Android GPUs possible.
But keep in mind that all the GLitch techniques that the researchers demonstrated are proof-of-concept attacks. They were all performed in controlled environments and their real-world counterparts are harder to pull off.
Perhaps GLitch is but another reminder that, similar to the Meltdown and Spectre chip flaws, sometimes we pay a price when component manufacturers relentlessly pursue speed and efficiency over security.