Android Security Symposium 2017

Drammer: Flip Feng Shui goes mobile

About the speaker

Victor van der Veen

Vrije Universiteit Amsterdam, Amsterdam, Netherlands
Victor is a PhD candidate in the System and Network Security Group (VUSec) at Vrije Universiteit Amsterdam where he also obtained his MSc degree in Computer Science in August 2013. He is currently under the supervision of dr. Cristiano Giuffrida and prof. dr. ir. Herbert Bos.
His research focuses on - but is not limited to - malware on smartphones and is part of the Dutch-American Project Arrangement about cooperative research and development on cybersecurity. Besides mobile malware, Victor is also interested in (low-level) system topics that enhance system security, as well as reverse engineering and analyzing malicious code.

Abstract

Rowhammer is a hardware bug that allows attackers to manipulate data in memory without accessing it. More specifically, by reading many times from a specific memory location, a bit somewhere else in memory may flip (a one becomes a zero, or a zero becomes a one). Flip Feng Shui - or FFS - is a technique that allows for reliable exploitation of the Rowhammer vulnerability by combining it with a memory massaging primitive to land sensitive data on a vulnerable location.

In this talk, I present Drammer: a new attack that exploits the Rowhammer hardware vulnerability on Android devices. As an instance of the Flip Feng Shui exploitation technique, it is the first Android root exploit that does not rely on any software vulnerability.

By discussing the requirements for FFS, I first provide an introduction to reliable Rowhammer exploitation. In the second part of my talk, I show how flipping a single bit is enough for Drammer to get root access on an Android device. Note that this will be a highly technical talk: you will learn about page tables and the buddy allocator. Fun guaranteed!

Slides

Get the slides here.

Video