Google uses the power of open-source to create exploit fix for Android
Share:
Italian researchers recently uncovered a pretty big exploit that affected all versions of the Android system, which allowed for Denial of Service (DoS) attacks to be carried out. The researchers also created a fix for said exploit, and now Google is going to use that fix in an upcoming patch for Android.
The research behind the discovery and patch were posted on a University of Genoa website run by the researchers involved: Alessandro Armando, “Security Trust” Research Unit chief and coordinator of the Artificial Intelligence Laboratory at the University of Genoa, Alessio Merlo of Telematic University E-Campus, Professor. Mauro Migliardi, a coordinator at the University of Padova and Luke Verderame, and Computer Engineering graduate at the University of Genoa.
According to the research, the exploit was previously unknown, and "allows a malicious application to force the system to fork an unbounded number of processes and thereby mounting a Denial-of-Service (DoS) attack that makes the device totally unresponsive." The exploit was tested on a number of phones and tablets, including the LG Optimus One and Samsung Galaxy Tab, and was found to be able to freeze a device in about 2 minutes.
Because Android is open-source, the researchers were not only able to find this exploit, but where able to create a patch and detail the how the fix worked in the paper. Google has checked out the work, found it all valid, and in an effort to push out a fix as quickly as possible, will be using the patch detailed by the researchers in a future update to Android.
No word yet on if Google plans to compensate the researchers, but Google has a well publicized "bug bounty", so it's highly likely that Google will give the researchers something for their efforts.
source: Research paper (PDF) via The Next Web
Share:
US proposing to share some "prime spectrum" with carriers 
University researchers create self-repairing plastics 
6 Comments
1. NOKIA.8800.ARTE posted on 27 Mar 2012, 16:07 4 11
Good luck to it. android will be fixed properly...
Yes good news...
2. theBankRobber posted on 27 Mar 2012, 16:17 9 1
Probably almost all android devices have this issue, But at least Google isn't pointing the fingers at their customers. Who's knows how this could be getting into our devices.
3. Gusto posted on 27 Mar 2012, 16:28 7 1
It would be nice if Google started to invest in the University that discovered the bug.
4. Zayuh24 posted on 27 Mar 2012, 17:52 4 1
I bet the carriers won't even allow this update on all their android devices, similar to many major updates that improve the overall performance of phones. If it's a universal code, it should be applied to ALL phones, but carriers choose which and when updates happen.
5. redrooster13 posted on 27 Mar 2012, 20:27 4 1
now google needs to release it to the rom developers.
6. networkdood posted on 27 Mar 2012, 22:06 6 0
I gave everyone a thumbs up on here as we have some iDIOT in secret thumbing all posts down....
