Google uses the power of open-source to create exploit fix for Android

Google uses the power of open-source to create exploit fix for Android
Italian researchers recently uncovered a pretty big exploit that affected all versions of the Android system, which allowed for Denial of Service (DoS) attacks to be carried out. The researchers also created a fix for said exploit, and now Google is going to use that fix in an upcoming patch for Android. 

The research behind the discovery and patch were posted on a University of Genoa website run by the researchers involved: Alessandro Armando, “Security Trust” Research Unit chief and coordinator of the Artificial Intelligence Laboratory at the University of Genoa, Alessio Merlo of Telematic University E-Campus, Professor. Mauro Migliardi, a coordinator at the University of Padova and Luke Verderame, and Computer Engineering graduate at the University of Genoa. 

According to the research, the exploit was previously unknown, and "allows a malicious application to force the system to fork an unbounded number of processes and thereby mounting a Denial-of-Service (DoS) attack that makes the device totally unresponsive." The exploit was tested on a number of phones and tablets, including the LG Optimus One and Samsung Galaxy Tab, and was found to be able to freeze a device in about 2 minutes. 

Because Android is open-source, the researchers were not only able to find this exploit, but where able to create a patch and detail the how the fix worked in the paper. Google has checked out the work, found it all valid, and in an effort to push out a fix as quickly as possible, will be using the patch detailed by the researchers in a future update to Android. 

No word yet on if Google plans to compensate the researchers, but Google has a well publicized "bug bounty", so it's highly likely that Google will give the researchers something for their efforts. 

source: Research paper (PDF) via The Next Web

FEATURED VIDEO

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless