Martin's selection of few interesting IT Security, Privacy, and free tools from the Net: On your smartphone, Is it possible to deliver Malware via your browser without downloading an app? - Yes using an old technique called "row hammering" ,the researchers call it "Glitch" attack.

Monday, May 7, 2018

On your smartphone, Is it possible to deliver Malware via your browser without downloading an app? - Yes using an old technique called "row hammering" ,the researchers call it "Glitch" attack.

Greatly simplified, row hammering means reading the same DRAM memory addresses over and over again

Aim: pull off a row hammering attack in the browser, using nothing more than JavaScript served up in a web page.

They figured out how to align their “hammerable row” with a JavaScript array in such a way that random bit flips in the array might, with a bit of luck, give them read and write access to memory in ways that JavaScript is supposed to prevent.

That means not only data leakage by reading from memory that’s supposed to be private, but also the possibility of remote code execution (RCE) by poking machine code into protected memory and then running it.

https://nakedsecurity.sophos.com/2018/05/05/serious-security-the-glitch-row-hammering-attack/

Martin's selection of few interesting IT Security, Privacy, and free tools from the Net

Monday, May 7, 2018

On your smartphone, Is it possible to deliver Malware via your browser without downloading an app? - Yes using an old technique called "row hammering" ,the researchers call it "Glitch" attack.

No comments:

Post a Comment

Popular Posts

Categories

Blog Archive