Google uses the power of open-source to create exploit fix for Android

Italian researchers recently uncovered a pretty big exploit affecting all versions of the Android system, one that allowed Denial of Service (DoS) attacks to be carried out. The researchers also created a fix for the exploit, and Google is now going to use that fix in an upcoming patch for Android.

The research behind the discovery and the patch was posted on a University of Genoa website run by the researchers involved: Alessandro Armando, “Security Trust” Research Unit chief and coordinator of the Artificial Intelligence Laboratory at the University of Genoa; Alessio Merlo of Telematic University E-Campus; Professor Mauro Migliardi, a coordinator at the University of Padova; and Luke Verderame, a Computer Engineering graduate at the University of Genoa.

According to the research, the exploit was previously unknown, and "allows a malicious application to force the system to fork an unbounded number of processes and thereby mounting a Denial-of-Service (DoS) attack that makes the device totally unresponsive." The exploit was tested on a number of phones and tablets, including the LG Optimus One and Samsung Galaxy Tab, and was found to be able to freeze a device in about 2 minutes. 

Because Android is open-source, the researchers were not only able to find this exploit, but were also able to create a patch and detail how the fix worked in the paper. Google has checked out the work, found it all valid, and, in an effort to push out a fix as quickly as possible, will be using the patch detailed by the researchers in a future update to Android.

No word yet on whether Google plans to compensate the researchers, but Google has a well-publicized "bug bounty", so it's highly likely that Google will give the researchers something for their efforts.

source: Research paper (PDF) via The Next Web


6 Comments

1. NOKIA.8800.ARTE

Posts: 100; Member since: Mar 26, 2012

Good luck to it. Android will be fixed properly... Yes, good news...

2. theBankRobber

Posts: 682; Member since: Sep 22, 2011

Probably almost all Android devices have this issue, but at least Google isn't pointing the fingers at their customers. Who knows how this could be getting into our devices.

3. Gusto

Posts: 28; Member since: Mar 20, 2012

It would be nice if Google started to invest in the University that discovered the bug.

4. Zayuh24

Posts: 149; Member since: Nov 21, 2011

I bet the carriers won't even allow this update on all their Android devices, similar to many major updates that improve the overall performance of phones. If it's a universal code, it should be applied to ALL phones, but carriers choose which and when updates happen.

5. redrooster13

Posts: 110; Member since: Feb 20, 2012

Now Google needs to release it to the ROM developers.

6. networkdood

Posts: 6330; Member since: Mar 31, 2010

I gave everyone a thumbs up on here as we have some iDIOT in secret thumbing all posts down....
