GLitch: New 'Rowhammer' Attack Can Remotely Hijack Android Phones

For the very first time, security researchers have discovered an effective way to exploit a four-year-old hacking technique called Rowhammer to hijack an Android phone remotely.

Dubbed GLitch, the proof-of-concept technique is a new addition to the Rowhammer attack series which leverages embedded graphics processing units (GPUs) to carry out a Rowhammer attack against Android smartphones.

Rowhammer is a problem with recent generation dynamic random access memory (DRAM) chips in which repeatedly accessing a row of memory can cause "bit flipping" in an adjacent row, allowing anyone to change the value of contents stored in computer memory.

Last year, a team of researchers in the VUSec Lab at Vrije Universiteit Amsterdam demonstrated that the Rowhammer technique could also work on Android Smart phones, but with a major limitation of a malicious application being first installed on the target phone.

However, the same team of researchers has now shown how their proof-of-concept attack "GLitch," can exploit the Rowhammer attack technique simply by hosting a website running malicious JavaScript code to remotely hack an Android smartphone under just 2 minutes, without relying on any software bug.

Since the malicious code runs only within the privileges of the web browser, it can spy on user's browsing pattern or steal their credentials. However, the attacker cannot gain further access to user's Android phone.

Currently, GLitch targets smartphones running the Snapdragon 800 and 801 system on a chip—that includes both CPU and GPU—meaning the PoC works only on older Android phones like the LG Nexus 5, HTC One M8, or LG G2. The attack can be launched against Firefox and Chrome.