Hardware-based attack requires no software vulnerability or user permission
Security researchers will this week demonstrate a new class of hardware-based attacks that, they claim, could enable hackers to acquire root access to Android devices without exploiting any software flaws or requiring user permission.
“The root of the problem is that many memory chips have a hardware vulnerability, known as Rowhammer,” Herbert Bos, professor of systems security at Vrije Universiteit Amsterdam in The Netherlands told Computing.
He continued: “It allows attackers to change the content of memory that they should never be able to access. The effect is pure physics, but exploitable from software.”
Since the Rowhammer attack was first publicised, attacks against Android devices have provided inconsistent results, with 12 attacks against 15 different Google Nexus 5 devices proving successful, for example, and only one of two attacks against the Samsung Galaxy S5.
For more information click here