GLitch is a new way to bypass all security and remote code execution on Android

Under the mysterious name of GLitch is the vulnerability included in the Rowhammer series of attacks that we wrote about two years ago. The same researchers from VUSec Labs and the University of California have now shown a way to circumvent Android security and remote code execution using a mobile graphics processor and a regular web browser.

Rowhammer susceptibility was the previous one against attacks that allow you to get root privileges without interacting with the user. It was possible without typing a system exploit or installed applications - then the attack consisted of manipulating data in DRAM memory - changing some bit sequences from 0 to 1 or vice versa, it was possible to install malicious software and gain access to the root. There was no way to defend against this attack, because Rowhammer is directly related to the production process of memory bones.

GLitch now proves that it is possible to remotely execute code and take control of Android in a different way:

Meet GLitch: the first instance of a remote Rowhammer exploit on ARM Android devices. This is a remote attacker for any software bug.

You even want to know what is this attack even cooler? It is carried out by the GPU. This is the first GPU-accelerated Rowhammer attack.

Researchers have shown that mobile phones can be attacked via a browser. The attacker who controls the website can remotely code on the smartphone via the GPU, accessing the graphic processor thanks to the WebGL API. This creates a large field for cybercriminals who can automate the attack and reach a potentially large group of users with vulnerable phones. Mobile anti-viruses will not help much here.

The experiment was carried out on the Firefox 57 browser on smartphones with Snapdragon 800 and 801 processors. The researchers point out that Chrome does not protect against this attack. Checking if your phone is susceptible to the new Rowhammer is not easy, because a lot depends on the GPU architecture, for which you need to prepare a different attack implementation.

Experts have conducted experience on smartphones LG Nexus 5, HTC One M8 and LG G2, but suspect that it is possible to transfer the attack to other smartphones, which use other processors. However, this is not the rule, because the attack may not bring the expected result at all.

As in the old Rowhammer, it does not matter if the device has security patches and updated software installed. Effective attack depends on the architecture of the graphics processor.



Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.