Information Security News
Researchers have devised an attack that gains unfettered "root" access to a large number of Android phones, exploiting a relatively new type of bug that allows adversaries to manipulate data stored in memory chips.
The breakthrough has the potential to make millions of Android phones vulnerable, at least until a security fix is available, to a new form of attack that seizes control of core parts of the operating system and neuters key security defenses. Equally important, it demonstrates that the new class of exploit, dubbed Rowhammer, can have malicious and far-reaching effects on a much larger number of devices than was previously known, including those running ARM chips.
Previously, some experts believed Rowhammer attacks that altered specific pieces of security-sensitive data weren't reliable enough to pose a viable threat because exploits depended on chance hardware faults or advanced memory-management features that could be easily adapted to repel the attacks. But the new proof-of-concept attack developed by an international team of academic researchers is challenging those assumptions.
Last Friday, a large DDoS attack against Dyn caused many popular websites to be unreachable. The outage was discussed on mainstream news outlets. It is likely that you will be asked to brief your boss or your team about this attack. To help you out, we prepared a brief presentation that you may use as part of such a briefing. We publish the slides and a video of the presentation for you to use. You may modify the slides at will (add to or remove from them). But please give us credit if you use any of the material.
If you have any feedback, please let us know. We may update the presentation later this evening based on any suggestions we receive.
PowerPoint Slides: https://isc.sans.edu/presentations/dyndnsattack.pptx
YouTube Video of Presentation: https://youtu.be/AsEzDXjyhG8