Android's theoretical RAMpage exploit affects all Android phones released since 2012

Reading time icon 2 min. read

Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

A new Android vulnerability, RAMpage, has been discovered by security researchers this week.

Here’s what it does:

RAMpage breaks the most fundamental isolation between user applications and the operating system. While apps are typically not permitted to read data from other apps, a malicious program can craft a RAMpage exploit to get administrative control and get hold of secrets stored in the device.

RAMpage affects all Android phones released since 2012 since it attacks devices which use LPDDR2/3/4 RAM.

The nature of the attack is such that it could grant access to stored passwords in a password manager, photos, and files stored on the device, and we are really heavy on the ‘could’ here.

There are no known exploits of RAMpage in the wild, and Google claims that the vast majority of users are safe from the attack

Google delivered the following statement regarding RAMpage:

“We have worked closely with the team from Vrije Universiteit, and though this vulnerability isn’t a practical concern for the overwhelming majority of users, we appreciate any effort to protect them and advance the field of security research. While we recognize the theoretical proof of concept from the researchers, we are not aware of any exploit against Android devices.”

Whether that’s true or not, one hopes Google patches out the issue before it becomes an issue.

Source: Android Central

More about the topics: android, Rampage, security, Security Researchers, vulnerability

Leave a Reply

Your email address will not be published. Required fields are marked *