Notification Center

This is our new notification center. Inside, you will find updates on the most important things happening right now.

Notifications

Hmm, push notifications seem to be disabled in your browser. You can enable them from the 'Settings' icon in the URL bar of your browser.

www.phonearena.com

Google uses the power of open-source to create exploit fix for Android

6
Google uses the power of open-source to create exploit fix for Android
Italian researchers recently uncovered a pretty big exploit that affected all versions of the Android system, which allowed for Denial of Service (DoS) attacks to be carried out. The researchers also created a fix for said exploit, and now Google is going to use that fix in an upcoming patch for Android. 

The research behind the discovery and patch were posted on a University of Genoa website run by the researchers involved: Alessandro Armando, “Security Trust” Research Unit chief and coordinator of the Artificial Intelligence Laboratory at the University of Genoa, Alessio Merlo of Telematic University E-Campus, Professor. Mauro Migliardi, a coordinator at the University of Padova and Luke Verderame, and Computer Engineering graduate at the University of Genoa. 

According to the research, the exploit was previously unknown, and "allows a malicious application to force the system to fork an unbounded number of processes and thereby mounting a Denial-of-Service (DoS) attack that makes the device totally unresponsive." The exploit was tested on a number of phones and tablets, including the LG Optimus One and Samsung Galaxy Tab, and was found to be able to freeze a device in about 2 minutes. 

Because Android is open-source, the researchers were not only able to find this exploit, but where able to create a patch and detail the how the fix worked in the paper. Google has checked out the work, found it all valid, and in an effort to push out a fix as quickly as possible, will be using the patch detailed by the researchers in a future update to Android. 

No word yet on if Google plans to compensate the researchers, but Google has a well publicized "bug bounty", so it's highly likely that Google will give the researchers something for their efforts. 

source: Research paper (PDF) via The Next Web

New reasons to get excited every week

Get the most important news, reviews and deals in mobile tech delivered straight to your inbox

FCC OKs Cingular\'s purchase of AT&T Wireless