for Android and the lack of updates for all commercially available mobile devices running this system-it is a fact that carries with it grim consequences: the lack of security of smartphones and tablets. Researchers from VUSec Labs, the University of California and University of Technology in Graz, has discovered a vulnerability in hardware of smartphones running the Android operating system. A new type of attack was called Drammer, a contraction of the phrase: Deterministic Rowhammer. This feat showed critical flaws in the security architecture of contemporary mobile devices operating with the currently popular operating system in the world.
Android is most often atakowaną attackers mobile platform. However, the detected sensitivity is particularly dangerous, because its result can be the appearance of the malware is able to take full control over your mobile device, regardless of the actions taken by the user. Exploit Drammer is evidence that currently deployed security concept, which unites mainly at the operating system level, may be ineffective against attacks that use bugs in the architecture of the CPU and memory installed on mobile devices running the Android operating system.
experts from the Dutch laboratory analytical VUSec Labs, specializing in mobile data security, working together with scientists from the University of California at Santa Barbara and University of Technology in Graz, demonstrated an attack using a security vulnerability Rowhammer on the Android device. What exactly is vulnerability and how effective can be a new form of attack using the detected sensitivity acceleration?
the Problem is miniaturization. The constant decrease of the DRAM cell (in order to increase their throughput and reduce energy consumption and increase productivity) has also the negative consequences associated with physics. The smaller cell size of DRAM, the less energy you need to in the cell to cause harmful interference caused by certain operations performed on the neighboring elements of the memory structure. This type of interference is defined only for the Rowhammer.
the Problem with impaired memory through well-defined actions performed on the neighboring cells is not new. However, until now the threat of this type performed on desktops and laptops. Now scientists have proved for the first time that the problem also applies to mobile equipment.
the Experts of G Data, during the last two years, I saw how additional attacks aimed at users of mobile equipment. It is worth noting that in the past to avoid infecting devices with malicious code, it requires user interaction, which took place socjotechnicznym trikom independently uaktywniał (often unconsciously or misled) chain attack. Currently is not necessary. Therefore, this attack vector Drammer may in future lead to completely new threats, where the fight would require a revision of the concept of security of the mobile device. He Drammer is not currently used in known anti-virus labs the Android threats, however, in no case, shall not drowsy vigilance of those who are actively fighting with malwarem. The researchers, the fact that the opening of the new attacks as would have made his conduct on a large scale by cyber criminals, but, unfortunately, this does not mean that in the future we won’t have to deal with new forms of attack that use not only the vulnerabili ties in the software, but also exposure to the equipment.
Users of all Android devices you want to automatically receive regular updates of the system software. Unfortunately, more often so that the updates get only the owners of the latest devices that has no commercial basis and is not ethical. The researchers suggested that Android updates, especially those associated with the protection devices must fall within all equipment owners that are running this system, regardless of the version.
No comments:
Post a Comment