Google to patch Android DoS exploit

Google is working on a patch to fix a denial-of-service exploit on its Android operating system for smartphones and tablets, a tech site reported late Monday.

 

Four researchers representing some of Italy’s top universities and research centers identified and patched the exploit, The Next Web reported.

 

The exploit was detailed in a research paper by Alessandro Armando, Head of the Security & Trust Research Unit and coordinator of the Artificial Intelligence Laboratory at the University of Genoa; Alessio Merlo of Telematic University E-Campus; Professor Mauro Migliardi, a coordinator at the University of Padova; and Luke Verderame, Computer Engineering graduate at the University of Genoa.

 

In their paper, the researchers said the vulnerability allows a malicious application to force the system to fork an unbounded number of processes and thereby mount a Denial-of-Service (DoS) attack that makes the device “totally unresponsive.”

 

A test application was used on smartphones including the LG Optimus One smartphone and different tablets including the Samsung Galaxy Tab.

 

“The Optimius One froze in less than a minute while others — including the Galaxy Tab — froze in under two minutes,” The Next Web reported.

 

It noted the team managed to invoke a process in the Linux layer that does not perform a binding operation with an Android app, and bypass the security policies within the OS.

 

This allowed them to occupy all of the memory resources on a smartphone or tablet, without needing to access malicious Android permissions.

 

“If an enterprising malware app developer forced an application to load on boot, a reboot of the device would prove fruitless,” The Next Web said.

 

Two fixes

 

The team offered two fixes, the first of which checking if the specific process comes from a legal source, one being the System Server, and the second restricting the permissions on the target socket at the Linux layer.

 

Google, faced with the need to ensure the bug was fixed soonest, had to use the fix provided in the paper. The Next web said Google will roll out the fix in future Android OS updates. — TJD, GMA News