Android Jelly Bean is the most secure Google platform yet


Chaunri | 8:45 PM


Google's latest update for Android, 4.1 Jelly Bean, is now suitably protected against malware attacks on handsets. The new defence is designed to protect users against attacks that install malware from websites and apps.
Security researcher Jon Oberheide said in an analysis of Android 4.1 that Jelly Bean is the first version of the Android operating system to properly use a type of protection known as address space layout randomisation, or ASLR.

This type of protection randomises the memory locations of libraries, the stack, the heap and many other OS data structures. As a result, attackers who write malware to exploit memory corruption bugs cannot know in advance where in memory their code will be loaded, which makes such exploits extremely difficult to write. By moving the operating system's data to random locations, ASLR defuses these attacks.
Android 4.0 Ice Cream Sandwich was the first Android version to be released with ASLR, but the implementation was poor and ineffective. One main reason was that the executable region, heap, libraries and linker were loaded at the same time and in the same locations in memory, meaning that attackers could more easily predict where to deploy their malware.

This problem has been fixed in the newer Android 4.1 Jelly Bean, in which the locations of the executable region, heap, libraries and linker are all completely randomised, like those of all other components of the operating system.
‘As long as there's anything that's not randomised, then (ASLR) doesn't work, because as long as the attacker knows something is in the same spot, they can use that to break out of everything else,’ says Charlie Miller, a veteran smartphone hacker and principal research consultant at security firm Accuvant. ‘Jelly Bean is going to be the first version of Android that has full ASLR and DEP, so it's going to be pretty difficult to write exploits for that.’
Jelly Bean also adds randomisation of what Android calls position-independent executables. This prevents attackers from using a technique called ‘return-oriented programming’, which exploits buffer overflows and other vulnerabilities in the mobile operating system.
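An added example, not from the original article or from Android's code: a C check of the ELF header's `e_type` field, which shows whether a binary was built position-independent (`ET_DYN`), so its load address can be randomised, or linked for one fixed address (`ET_EXEC`). The sample headers are constructed, and the function and enum names are this example's own.

```c
#include <stdio.h>
#include <string.h>

enum elf_kind { NOT_ELF, FIXED_BASE, RANDOMISABLE_BASE, OTHER_ELF };

/* Constructed 18-byte header prefixes for illustration, not real binaries. */
static const unsigned char SAMPLE_FIXED[18]  = {0x7f,'E','L','F',1,1,1,0, 0,0,0,0,0,0,0,0, 2,0};
static const unsigned char SAMPLE_PIE[18]    = {0x7f,'E','L','F',2,1,1,0, 0,0,0,0,0,0,0,0, 3,0};
static const unsigned char SAMPLE_PIE_BE[18] = {0x7f,'E','L','F',1,2,1,0, 0,0,0,0,0,0,0,0, 0,3};

/* e_type is at offset 16 in both ELF32 and ELF64; byte 5 gives the byte order. */
enum elf_kind classify_elf(const unsigned char *hdr, size_t len)
{
    unsigned type;
    if (len < 18 || memcmp(hdr, "\x7f" "ELF", 4) != 0)
        return NOT_ELF;                   /* truncated or wrong magic */
    if (hdr[5] == 1)                      /* ELFDATA2LSB: little endian */
        type = hdr[16] | (hdr[17] << 8);
    else if (hdr[5] == 2)                 /* ELFDATA2MSB: big endian */
        type = (hdr[16] << 8) | hdr[17];
    else
        return NOT_ELF;
    if (type == 2) return FIXED_BASE;         /* ET_EXEC: linked for one address */
    if (type == 3) return RANDOMISABLE_BASE;  /* ET_DYN: PIE or shared library */
    return OTHER_ELF;
}

/* Classify a file on disk from its first 18 bytes. */
enum elf_kind classify_file(const char *path)
{
    unsigned char hdr[18];
    size_t n;
    FILE *f = fopen(path, "rb");

    if (!f) return NOT_ELF;
    n = fread(hdr, 1, sizeof hdr, f);
    fclose(f);
    return classify_elf(hdr, n);          /* a short read is rejected by the length check */
}

int main(int argc, char **argv)
{
    const char *names[] = {"not ELF", "ET_EXEC, fixed base", "ET_DYN, randomisable base", "other ELF"};
    printf("constructed samples: %s | %s | %s\n", names[classify_elf(SAMPLE_FIXED, 18)],
           names[classify_elf(SAMPLE_PIE, 18)], names[classify_elf(SAMPLE_PIE_BE, 18)]);
    for (int i = 1; i < argc; i++)        /* optional: paths given on the command line */
        printf("%s: %s\n", argv[i], names[classify_file(argv[i])]);
    return 0;
}
```

Any file reported as `ET_EXEC` is a region that stays in the same spot on every run, which is the gap Miller describes above.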
One security measure that has been left out of the Android OS is code signing, which has been present in iOS for years. This requires any code loaded into memory to have a valid digital signature before being executed.

Source: http://www.knowyourmobile.com/blog/1489534/android_jelly_bean_is_the_most_secure_google_platform_yet.html
