A new security hole has been discovered in the world's most widely used smartphone operating system, Android, which could affect virtually every version of the system from 2012.
Eight academics from three different universities jointly reported the discovery of a security hole affecting Android and was called "RAMpage". RAMpage breaks fundamental isolation between user-installed applications and the operating system's own processes, remembering a bit the failures we had this year on Intel processors on traditional computers.
The exploitation of RAMpage allows attackers to gain administrative access to the system and hence access to data stored on the device, including passwords stored in applications or browsers, photos and videos, emails, instant messages, etc.
RAMpage attacks the ION subsystem on Androids, which is a memory allocation driver that was released by Google along with Android 4.0 Ice Cream Sandwich. Interestingly, researchers claim that RAMpage is versatile and conceivable to see attacks involving it on iOS devices and even desktops.
Like RAMpage for ION, gadgets that use LPDDR2 / 3/4 RAM are affected. In other words, if your Android phone was launched during or after 2012, it is potentially vulnerable to attack.
The research involving RAMpage is still fairly new, but now that a spotlight is being placed on it, we expect Google and other OEMs to do their part to get patched devices for users around the world. Which once again may end up weighing said device fragmentation, as we discussed in yesterday's article about Android GO. Source _____________________________________________________________________________ See any errors or would you like to add any suggestions to this article? Collaborate, click here.