Messing around with the electrical charge of a DRAM chip can actually be an effective way to hijack a smartphone.

On Thursday, a team of Dutch security researchers unveiled some new findings regarding "Rowhammer," an unintended side effect in DRAM chips that can be used to tamper with an entire computer.

Researchers at Vrije Universiteit Amsterdam are showing how a once-theoretical problem can present a real security threat. They've managed to exploit Rowhammer simply by using JavaScript in a mobile browser to hack an Android smartphone in under two minutes.

The researchers call their proof-of-concept attack "GLitch," and have presented their findings in a new paper. "Our GLitch exploit shows that browser-based Rowhammer attacks are entirely practical," the authors write.

The Rowhammer threat came to light in 2014 when research showed that constantly accessing a computer's DRAM can create a problem: if you repeatedly activate the memory cells you can trigger the electrical charges to fluctuate, potentially altering the data your DRAM stores.

That's a big problem. By exploiting the Rowhammer effect, one program can theoretically manipulate other software running out of the computer's DRAM, including the operating system itself.

Since Rowhammer became public in 2014, security experts have been studying the threat, and demonstrating ways it can be exploited for malicious effect. Two years ago, the researchers at Vrije Universiteit showed how Rowhammer can be abused with a malicious app to root an Android phone, and gain administrative privileges.

On Thursday, the Dutch researchers debuted their new "GLitch" attack, which they say can exploit Rowhammer on three older Android smartphones: the LG Nexus 5, the HTC One M8 and the LG G2.

A demo of their attack on a Nexus 5 shows it running in Mozilla's Firefox browser to gain read/write privileges, giving the researchers the ability to execute code over the software. To manipulate the DRAM, the attack leverages Firefox's support for a JavaScript API that can control the device's graphics processor.

"These attacks are quite powerful, allowing circumvention of state-of-the-art defenses," the researchers write in their paper. "More alarming, these attacks can be launched from the browser," they added, noting that Google's Chrome browser was susceptible to the same threat.

Fortunately, both Google and Mozilla have introduced fixes that address the researchers' proposed GLitch attack.

"We mitigated this remote vector in Chrome on March 13, and we are working with other browsers so they can implement similar protections," Google said in a statement.

Rowhammer certainly presents some disturbing implications, but according to Google the threat is still largely theoretical. Aside from the researchers' proof-of-concept attack, the company hasn't encountered a fully working exploit that leverages the same technique.

Indeed, hackers have no need to build their tactics around Rowhammer. After all, they already possess an arsenal of ways to hack your PC or phone through tried-and-true methods that don't require researching how to manipulate a computer's DRAM. (It's also important to note the Nexus 5 used in the GLitch proof-of-concept attack suffers from outdated software that's vulnerable to many other bugs.)

However, the Dutch researchers are underscoring that the Rowhammer threat is not only real, but has the potential to cause some real mayhem. "This makes it possible for an attacker who controls a malicious website to get remote code execution on a smartphone without relying on any software bug," they warned in their findings.

According to the researchers, there's no way to fully block a phone's GPU from tampering with the DRAM. Nevertheless, the team has been working with Google on options to solve the issue, but ideally hardware vendors will have to come up with a more permanent fix.
