A group of eight academia’s across three different universities has discovered new security vulnerability attacking all phone manufacture since 2012. The group in its official research paper published on June 28, 2018 called this, RAMpage which is the latest type of Rowhammer attack hitting smartphones. It is said that with RAMpage, hacker can gain access to all data stored in the handset.
According to the group;
RAMpage breaks the most fundamental isolation between user applications and the operating system. While apps are typically not permitted to read data from other apps, a malicious program can craft a RAMpage exploit to get administrative control and get hold of secrets stored in the device.
RAMpage can access secret information such as your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents. This works be targeting the ION subsystem in Android which is a memory allocation driver that was first launched by Google alongside Android 4.0 Ice Cream Sandwich.
It is believed that the security vulnerability also extends to iOS devices, desktops, and more with Android being the mean focus for now. Android phone released during or after 2012 are largely affected since they uses LPDDR2, LPDDR3 and LPDDR4 RAM chips.