A team of Italian researchers has discovered and patched a Denial of Service (DoS) vulnerability in the Android operating system which could allow attackers to render a device “totally unresponsive”.
An exploiting application targets the Zygote socket in the OS’ Linux layer by forcing the system to fork, thereby flooding it with a large number of requests for dummy processes and using up all of the device’s memory resources.
Using the DoSChecker application, low memory devices, like the Optimus One, crashed within a minute, while the Galaxy Tab lasted two. The team noted that while the DoS attack was occurring “users experience a progressive reduction of the system responsiveness that ends with the system crash and reboot.”
After the device crashes, it attempts to reboot, but the researchers note that a genuine attacker could engineer malware to run DoSChecker as a boot service, forcing the device to continually crash and reboot. The fix for this situation would require the user to manually detect and uninstall the offending application with an adb tool or by reflashing the device.
In addition to the older versions of Android, the researchers tested versions 4.0 and 4.0.3 using emulated devices, achieving the same results.
Two countermeasures against the vulnerability are suggested:
“1. Zygote process fix. This fix consists of checking whether the fork request to the Zygote process comes from a legal source (at present, only the System server, although our patch is trivially adaptable to future developments).
“2. Zygote socket fix. This fix restricts the permissions on the Zygote socket at the Linux layer.”
Both countermeasures are described as functional in the emulator and on the actual devices and the researchers have reported the exploit and fixes to the Android security team.
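The following is an added illustration, not the researchers' patch or Android's own code, of how the two countermeasures can be expressed at the Linux layer: a kernel-supplied peer-credential check on the socket that carries the fork request, and a socket file created with owner-only permissions. It assumes a Linux host (SO_PEERCRED is Linux-specific) and a constructed socket path, /tmp/zygote_example.sock.

```c
#define _GNU_SOURCE            /* struct ucred / SO_PEERCRED are Linux-specific */
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Countermeasure 1: before honouring a fork request, ask the kernel who is on the
 * other end of the socket. SO_PEERCRED is filled in by the kernel, not sent by the
 * client, so a requester cannot claim to be the system server. Fails closed. */
int peer_is_authorized(int fd, uid_t allowed_uid) {
    struct ucred cred;
    socklen_t len = sizeof cred;
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0)
        return 0;
    return cred.uid == allowed_uid;
}

/* Self-check: a socketpair's peer is this very process, so our own UID must be
 * accepted and any other UID rejected. Returns 1 when both hold. */
int peercred_selfcheck(void) {
    int fds[2], ok;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) != 0) return 0;
    ok = peer_is_authorized(fds[0], getuid()) && !peer_is_authorized(fds[0], getuid() + 1);
    close(fds[0]); close(fds[1]);
    return ok;
}

/* Countermeasure 2: create the listening socket so only its owner may use it.
 * On Linux, connect() to a Unix stream socket needs write permission on the socket
 * file, so mode 0600 shuts out every other UID at the Linux layer. Returns the
 * resulting permission bits (expected 0600) or -1 on error; the file is removed. */
int restricted_socket_selfcheck(const char *path) {
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    struct stat st;
    int rc = -1, fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    strncpy(addr.sun_path, path, sizeof addr.sun_path - 1);
    unlink(path);
    mode_t old = umask(077);              /* no group/other bits from the start */
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) == 0 &&
        chmod(path, 0600) == 0 && listen(fd, 8) == 0 && stat(path, &st) == 0)
        rc = (int)(st.st_mode & 0777);
    umask(old);
    close(fd); unlink(path);
    return rc;
}
```

On a Linux host peercred_selfcheck() returns 1 and restricted_socket_selfcheck() returns 0600; a real Zygote would apply peer_is_authorized() to each accepted connection with the system server's UID as allowed_uid.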
The Next Web reports that due to the potentially huge danger presented by the vulnerability, Google will be using one of the fixes laid out in the paper as part of the next Android update.