Google’s Project Zero team finds address space layout randomization offers less protection against Stagefright than Google PR claims (Dan Goodin/Ars…

Members of Google’s Project Zero vulnerability research team have challenged a key talking point surrounding the security of Google’s Android mobile operating system. To wit, a key exploit mitigation known as address space layout randomization does much less than the company’s overworked public relations people say in blocking attacks targeting critical weaknesses in Android’s stagefright media library.

As Ars reported beginning in July, a series of vulnerabilities in the libstagefright library made it possible for attackers to remotely execute malicious code on close to one billion Android phones. In the following seven weeks, Google has released updates that either lessen the severity of attacks or directly fix the underlying cause, although many users have yet to receive the fixes, and some probably never will.

Throughout the resulting media storm, Google PR people have repeatedly held up the assurance that the raft of stagefright vulnerabilities is difficult to exploit in practice on phones running recent Android versions. The reason, they said: address space layout randomization, which came to maturity in Android 4.1, neutralizes such attacks.

Generally speaking, ASLR does nothing to fix a buffer overflow or similar software bug that causes the vulnerability in the first place. Instead, the defense vastly decreases the chances that a remote-code-execution attack exploiting such bugs will succeed. ASLR does this by loading downloaded scripts in a different memory location each time the operating system is rebooted. If the attacker can’t locate the malicious code, the exploit results in a simple crash, rather than a game-over hack.

On Wednesday, Project Zero researchers tested a home-grown stagefright exploit on a Nexus 5 device running an Android 5.x version. The results showed that at best, ASLR will lower the chances their exploit will succeed.

Meanwhile, Joshua Drake, the security researcher who first disclosed the critical vulnerabilities in the code library, said Android ASLR does even less to prevent a new custom exploit he has developed from working. The ASLR shortcomings stem from two root causes. First, the randomization offers just eight bits of entropy, meaning there are only 2^8, or 256, possible locations where attackers can find their malicious payload
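The entropy figure above can be turned into a concrete measure of how much work the mitigation imposes on someone who can only guess the layout. The following Python is an added illustration, not code from the article or from Project Zero; it assumes the article's eight-bit figure, treats every candidate layout as equally likely, and models both the fixed-until-reboot behaviour the article describes and, for comparison, a layout re-drawn on every attempt.

```python
import math

# Added illustration (not from the article or Project Zero): how much work a
# randomization scheme with a given number of entropy bits imposes on an
# attacker who can only guess the layout. Assumes every layout is equally
# likely, as the article's "2^8, or 256, possible locations" implies.


def candidate_layouts(entropy_bits: int) -> int:
    """Number of equally likely layouts a guess must choose among."""
    return 2 ** entropy_bits


def success_probability(entropy_bits: int, attempts: int, rerandomized: bool) -> float:
    """Chance that at least one of `attempts` guesses hits the live layout.

    rerandomized=False: the layout stays fixed (the article describes
    re-randomization only at reboot), so each wrong guess is crossed off.
    rerandomized=True: a fresh layout is drawn for every attempt, so
    guesses are independent.
    """
    n = candidate_layouts(entropy_bits)
    if rerandomized:
        return 1.0 - (1.0 - 1.0 / n) ** attempts
    return min(attempts, n) / n


def expected_attempts(entropy_bits: int, rerandomized: bool) -> float:
    """Mean number of guesses until the first hit."""
    n = candidate_layouts(entropy_bits)
    return float(n) if rerandomized else (n + 1) / 2


def attempts_for_confidence(entropy_bits: int, confidence: float, rerandomized: bool) -> int:
    """Fewest guesses giving at least `confidence` (0 <= c < 1) success chance."""
    n = candidate_layouts(entropy_bits)
    if rerandomized:
        k = math.ceil(math.log(1.0 - confidence) / math.log(1.0 - 1.0 / n))
    else:
        k = math.ceil(confidence * n)
    # Nudge k by one either way in case floating-point rounding landed us off.
    while k > 0 and success_probability(entropy_bits, k - 1, rerandomized) >= confidence:
        k -= 1
    while success_probability(entropy_bits, k, rerandomized) < confidence:
        k += 1
    return k


if __name__ == "__main__":
    for bits in (8, 16, 28):  # 8 bits is the article's figure; the others are for comparison
        print(f"{bits:2d} bits: {candidate_layouts(bits):>10,} layouts, "
              f"fixed layout: {expected_attempts(bits, False):>12,.1f} expected guesses, "
              f"re-randomized: {attempts_for_confidence(bits, 0.5, True):>12,} guesses for 50%")
```

With the article's figure, a fixed layout falls on average to the 129th guess and never survives more than 256; even re-randomizing on every attempt only pushes the 50% point out to 178 guesses.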
