A new method of attack dubbed DRAMMER could be exploited to gain ‘root’ access to millions of Android smartphones and take control of affected devices.

Earlier last year, security researchers from Google’s Project Zero outlined a way to hijack the computers running Linux by abusing a design flaw in the memory and gaining higher kernel privileges on the system.

Now, the same previously found designing weakness has been exploited to gain unfettered “root” access to millions of Android smartphones, allowing potentially anyone to take control of the affected devices.

Experts from the VUSec Lab at Vrije Universiteit Amsterdam have discovered a vulnerability that could be exploited to gain “root” access to millions of Android smartphones targeting the device’s dynamic random access memory (DRAM). using an attack called DRAMMER.

The attack called Rowhammer, is not new, but this is the first time it was successfully used against target mobile devices.

On March 2015, security researchers at Google’s Project Zero team demonstrated how to hijack the Intel-compatible PCs running Linux by exploiting the physical weaknesses in certain varieties of DDR DRAM (double data rate dynamic random-access memory) chips.

By exploiting the rowhammer technique the hackers can obtain higher kernel privileges on the target system. Rowhammer is classified as a problem affecting some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows, this means that theoretically an attacker can change any value of the bit in the memory.

The Rowhammer attack for mobile device involves a malicious application that once in execution repeatedly accesses the same “row” of transistors on a memory chip in a tiny fraction of a second (Hammering process)

Hammering a specific portion of memory can electrically interfere with neighboring row. This interference can cause the row to leak electricity into the next row, which eventually causes a bit to flip and consequent data modification.

An attacker can exploit these modifications to execute its code and gain control of the device.

In short, Rowhammer is an issue with new generation DRAM chips in which repeatedly accessing a row of memory can cause “bit flipping” in an adjacent row that could allow anyone to change the value of contents stored in the memory.

The researchers created a proof-of-concept exploit, dubbed DRAMMER, to test mobile the Rowhammer attack on mobile devices.

Details on the DRAMMER attack are included in a paper published by the experts and on this page.

The hack could modify crucial bits of data allowing an attacker to root Android devices from major vendors, including Samsung, OnePlus, LG, and Motorola.

The experts exploited the Android mechanism known as the ION memory allocator to give an app a direct access to the dynamic random access memory (DRAM). The ION memory allocator also allows the attackers to identify adjacent rows on the DRAM, which is essential to power the Rowhammer attack by generating bit flips.

The ability allowed the researchers to achieve root access on the victim’s device, giving them full control of the mobile device.

“On a high level, our technique works by exhausting available memory chunks of different sizes to drive the physical memory allocator into a state in which it has to start serving memory from regions that we can reliably predict,” states the paper.

“We then force the allocator to place the target security-sensitive data, i.e., a page table, at a position in physical memory which is vulnerable to bit flips and which we can hammer from adjacent parts of memory under our control.”