Skip to content

June 29, 2018

New RAMpage attack affects all Android phones released since 2012

by John_A

RAMpage can access passwords, photos, documents, and more.

There’s a new security vulnerability, boys and girls. It’s called RAMpage and is the latest type of Rowhammer attack to hit the scene.


RAMpage was discovered by a group of eight academics across three different universities and the official research paper was published on June 28, 2018. It reads as follows:

RAMpage breaks the most fundamental isolation between user applications and the operating system. While apps are typically not permitted to read data from other apps, a malicious program can craft a RAMpage exploit to get administrative control and get hold of secrets stored in the device.

As for what kind of secrets RAMpage could access, the paper notes that “this might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.”

RAMpage targets the ION subsystem in Android which is a memory allocation driver that was first launched by Google alongside Android 4.0 Ice Cream Sandwich. However, even though Android’s the focus of the attack right now, it’s expected that RAMpage could also impact iOS devices, desktops, and more.

Because RAMpage targets ION, gadgets that use LPDDR2/3/4 RAM are all impacted. In other words, if your Android phone was released during or after 2012, it’s vulnerable to the attack.

The research going into RAMpage is still quite new, but now that a spotlight is being placed on it, hopefully we’ll see Google and other OEMs do their part to get devices patched up for users around the globe.

Read through the full research paper here

Read more from News

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: