GLitch attack


The researchers dubbed their attack “GLitch,” as it leverages WebGL, a JavaScript API for rendering interactive graphics in web browsers, to determine the physical memory layout of the DRAM memory before starting the targeted Rowhammer attack.

Vulnerable smartphones can be targeted by tricking users into visiting a website hosting a malicious JavaScript. A successful exploitation results in malicious code being run on the devices, but just within the privilege of the browser, meaning that a complete compromise of the device is not possible but password theft is.

“The impact of combining both the side-channel attack and rowhammer attack has been demonstrated to bypass the Firefox sandbox on the Android platform,” the SEI CERT division noted.

“It is important to realize that the GLitch attack has only successfully been demonstrated on the Nexus 5 phone, which was released in 2013. The Nexus 5 phone received its last software security update in October, 2015, and is therefore an already unsafe device to use. Several other phones released in 2013 were tested, but were not able to successfully be attacked with the GLitch attack. Success rates on phones newer than 2013 models were not provided. Non-Android devices were not tested as well.”

The researchers have told Wired that the attack can be modified to target different phone architectures and different browsers.

To mitigate the risk of this particular attack, Google and Mozilla have already released updates for Chrome and Firefox that disable the high precision WebGL timers leveraged to leak memory addresses.

GLitch attack PDF