googles researchers bypass android feature that should have blocked stagefright
Last Updated : GMT 06:49:16
Arab Today, arab today
Arab Today, arab today
Last Updated : GMT 06:49:16
Arab Today, arab today

Google's researchers bypass Android feature that should have blocked Stagefright

Arab Today, arab today

Arab Today, arab today Google's researchers bypass Android feature that should have blocked Stagefright

​Google's Project Zero
Tehran - FNA

Google's Project Zero security researchers challenged the claim by Google that an Android security feature would have protected 90 percent of devices from Stagefright attacks.

Google's security researchers have found that an anti-exploitation feature in Android that should block Stagefright-based attacks can be bypassed.

In the aftermath of the Stagefright bug, Google told media that 90 percent of Android devices would have been protected from an attack using the bug because Google had implemented address space layout randomisation (ASLR) in Android. Google introduced ASLR to Android in 2012 with version 4.1, ZDnet reported.

Google made the point as neither it, nor other Android OEMs, had released Stagefright patches for some time - some were only delivered two months after the news of the bug came to light.

ASLR is implemented in most operating systems to make it more difficult for an attacker to, for example, exploit memory corruption weaknesses. Symantec describes ASLR as a "prophylactic security technology" that strengthens security by increasing the diversity of attack targets. It doesn't remove existing flaws, but will make them more difficult to exploit.

As Ars Technica noted, the problem with Google's claim that ASLR would have protected users from Stagefright is that it was only partly true. Google's own Project Zero security team -- which is tasked with finding holes in Google's and other vendors' software -- has devised brute force bypass for ASLR that would be practical in a real-world web attack, such as planting an exploit on an attack website.

"I did some extended testing on my Nexus 5; and results were pretty much as expected," wrote Mark Brand of Project Zero.

"In 4096 exploit attempts I got 15 successful callbacks; the shortest time-to-successful-exploit was lucky, at around 30 seconds, and the longest was over an hour. Given that the mediaserver process is throttled to launching once every 5 seconds, and the chance of success is 1/256 per attempt, this gives us a ~4% chance of a successful exploit each minute," he added.

Describing the ASLR bypass itself, Brand noted: "We simply choose one of the 256 possible base addresses for libc.so, and write our exploit and ROP stack assuming that layout. Launching the exploit from the browser, we use javascript to keep refreshing the page, and wait for a callback. Eventually memory will be laid out as we expect, bypassing ASLR with brute force in a practical enough way for real-world exploitation."

Despite this, Brand noted that would be trivial to exploit the Stagefright bugs if ASLR was disabled.

Project Zero has provided the Android security team advice on how to harden ASLR to prevent bypasses, but Brand noted that even with these they won't prove non-exploitability of future memory corruption bugs on Android devices.

arabstoday
arabstoday

Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

googles researchers bypass android feature that should have blocked stagefright googles researchers bypass android feature that should have blocked stagefright

 



Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

googles researchers bypass android feature that should have blocked stagefright googles researchers bypass android feature that should have blocked stagefright

 



GMT 23:45 2017 Tuesday ,17 October

Kerry calls for Syrian, Arab ground troops against IS

GMT 03:38 2017 Wednesday ,22 March

Somalia's new president names 26-minister cabinet

GMT 19:39 2017 Wednesday ,18 October

Gatland eyes New Zealand rugby jobs after Wales

GMT 12:08 2017 Saturday ,16 September

Dutch 360-degree beachfront painting gets public facelift

GMT 05:16 2016 Wednesday ,15 June

Scientists use underwater robots

GMT 02:41 2017 Sunday ,16 April

Pentagon confirms DPRK missile launch fails

GMT 18:00 2011 Thursday ,12 May

Attack on Celtic manager sparks inquiry

GMT 10:40 2017 Saturday ,30 September

Trump says to decide Fed chair in 2, 3 weeks

GMT 01:10 2017 Monday ,10 July

Islamic social media to be launched by year end

GMT 13:17 2016 Monday ,08 February

Russia shuts down 2 more banks

GMT 07:19 2017 Sunday ,31 December

Nepal bans solo climbers from Everest

GMT 10:48 2014 Saturday ,22 March

Parata launches new digital education portal

GMT 17:47 2017 Tuesday ,18 April

Saudi Shoura member in favor of women driving

GMT 19:07 2011 Tuesday ,19 April

Electric cars: night-time charging better
Arab Today, arab today
 
 Arab Today Facebook,arab today facebook  Arab Today Twitter,arab today twitter Arab Today Rss,arab today rss  Arab Today Youtube,arab today youtube  Arab Today Youtube,arab today youtube

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©

arabstoday arabstoday arabstoday arabstoday
arabstoday arabstoday arabstoday
arabstoday
بناية النخيل - رأس النبع _ خلف السفارة الفرنسية _بيروت - لبنان
arabstoday, Arabstoday, Arabstoday