rampage and guardion Vulnerabilities in modern phones enable unauthorized access.

rampage works on Android devices, including smartphones and tablets. It is not unlikely that similar attacks are possible on Apple products or even regular personal computers and the cloud.

rampage exploits a critical vulnerability in modern phones that allows apps to gain unauthorized access to the device. While apps are typically not permitted to read data from other apps, a malicious program can craft a rampage exploit to get administrative control and get hold of secrets stored in the device. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Although guardion is not deployed in operating systems yet, there are ongoing efforts to realize this. The source code for guardion is available online in the form of an Android kernel patch.

guardion defends against rampage attacks. It prevents an attacker from modifying critical data structures by carefully enforcing a novel isolation policy. guardion won the best research award at the International Conference on Computing Systems (CompSys 2018).

If your device is shipped with vulnerable memory and runs with an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking it. Unfortunately, there are no software patches against rampage deployed yet.

rampage breaks the most fundamental isolation between user applications and the operating system. This attack allows an app to take full administrative control over the device.

We developed an Android app to test whether your device might be vulnerable toattacks. The core of our app consists of a component for which we also released the source code . After a successful run, the app uploads anonymized output. We will use this to get a better understanding of how many devices are vulnerable. Of course, you can opt out of sharing results.

Questions & Answers

Am I affected by the vulnerability? That is unclear. You can get some level of indication by running our That is unclear. You can get some level of indication by running our test app

Can I detect if someone has exploited rampage against me? Probably not. The exploitation does not leave any traces in traditional log files.

Can my antivirus app detect or block this attack? While possible in theory, this is unlikely in practice. Unlike usual malware, rampage is hard to distinguish from regular benign applications. However, your antivirus may detect malware which uses the attacks by comparing binaries after they become known.

What can be leaked? If your system is affected, our proof-of-concept exploit can take full control over your device and access anything on it. This may include passwords and sensitive data stored on the system.

Has rampage been abused in the wild? We don't know.

Is there a workaround/fix? No. The only efforts that we are aware of is our own work, guardion .

What systems are affected by rampage ? Android-based devices may be affected by rampage . More technically, every mobile device that is shipped with LPDDR2, LPDDR3, or LPDDR4 memory is potentially affected, which is effectively every mobile phone since 2012. We successfully tested rampage on an LG G4. At the moment, it is unclear whether desktop operating systems are also affected, but this seems very likely.

What is the difference between rampage and guardion ? guardion is a defense to mitigate rampage attacks.

Why is it called rampage ? The vulnerability basically rams memory pages to obtain arbitrary read and write access.

Why is it called guardion ? The name is based on the Android memory subsystem called ION that rampage uses. By inserting guards, rampage attacks become much harder.

What is guardions of the galaxy ? That would be our guardion defense deployed on any Samsung model.

Is there more technical information about rampage and guardion ? Yes, there is an rampage and guardion . Yes, there is an academic paper aboutand

What is CVE-2018-9442? CVE-2018-9442 is the official reference to rampage . CVE is the Standard for Information Security Vulnerability Names maintained by MITRE.

Can I see rampage in action? No.

Can I use the logo? Yes. And please get us a T-shirt while you're at it. And stickers. We like stickers.

Is there a proof-of-concept code? No, not for the rampage attack. Our implementation of the guardion defense, however, is open source and available at No, not for theattack. Our implementation of thedefense, however, is open source and available at github.com/vusec/guardion

Why does this page look like the Spectre and Meltdown websites? You mean like imitation is the sincerest form of flattery. This page is obviously a nod towards the huge (and in our eyes truly deserved) Spectre/Meltdown hype from earlier this year. It should be clear that rampage is not even close to being the next Spectre. Having said that, we (1) like our logos, and (2) hope that this page gets more people involved in rampage exploits) is. By getting more people to run our updated drammer test app, we hope to get a better understanding of this issue, allowing us to make decisions on how to move forward (i.e., should we continue looking for defenses or is this an already-solved problem?) You mean like this ? BecauseThis page is obviously a nod towards the huge (and in our eyes truly deserved) Spectre/Meltdown hype from earlier this year.Having said that, we (1) like our logos, and (2) hope that this page gets more people involved in contributing to research : It is currently unclear how widespread the Rowhammer bug (the hardware error thatexploits) is. By getting more people to run our updatedtest app, we hope to get a better understanding of this issue, allowing us to make decisions on how to move forward (i.e., should we continue looking for defenses or is this an already-solved problem?)