Skip to main content

Android Users Should Be Aware Of New Drammer Hack

By November 3, 2016May 25th, 2021Blog, Cybersecurity

androidxusersThe Linux exploit called Rowhammer is back in the news. This time, it’s targeting Android devices.

If you missed the news about Rowhammer, or need a refresher, the exploit basically works like this: if you can engineer a piece of malware that will consistently access the same row of memory on an installed chip, hammering at it, it will cause electricity to leak to the adjacent row of memory, which is expressed as a bit. This bit is all that’s needed for a hacker to take full control of the target system.

Unfortunately, the Android operating system is based on Linux, and recently, researchers have demonstrated that the same basic kind of attack can be used to take root level control over Android devices.

This new proof of concept has been dubbed “Drammer” and could potentially impact most of the Andriod devices on the market today. The researchers started with Android devices because they were already familiar with Linux, but were quick to point out that the same type of attack could likely be engineered to work against devices running iOS with additional research.

If there was a severity level higher than “critical,” Rowhammer and Drammer would occupy that designation. It’s about as serious as a security flaw can get, because it requires no special permissions to run, and can even work when the user puts their smart device in sleep mode.

Worse, there’s no easy fix for this. The exploit that Drammer and Rowhammer rely on to work is so fundamental to OS design that it would require a dramatic overhaul and rethink to patch out of existence.

Fortunately, there have been no reported instances of this attack being used in the wild. For now, it exists solely as a proof of concept and is confined to the research lab. That said, it’s just a matter of time before a hacker of sufficient skill works out a reliable way to deploy malware containing this exploit, at which time, all bets are off.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.