Android Security Hole More Stupid Error Than Defect
Written by Harry Fairhead   
Wednesday, 10 July 2013

The news has been full of lots of scare stories of how a security hole found in the Android operating system could lead to malware taking over almost any device. The claims aren't too wild, but what is really interesting is that rather than being due to some deep-seated flaw in the security system the cause can only be described as a stupid error.


One of the key protection mechanisms in Android is that code is signed.  When an Android application is installed its cryptographic signature is checked to make sure it is the real thing and hasn't been tampered with.  This is fairly standard security but a flaw was made public last week by Jeff Forristal, of Bluebox Security.

The basic claim was that it was possible to change an Android app and have it installed without modifying its signature. The big problem was that the details of the exploit were to be presented at the Black Hat Briefings in August. So many people have been left wondering what sort of exploit this could be. Could it be that the signature used by Android is vulnerable to modification of contents that in some way don't affect the value of the computed signature? If so this would be a big fail for the crypto implementation. 

Now we have a taste of what the issue is really about in the form of a demo script, which aims to prove that the exploit is practical. The script, created by Pau Oliva Fora, uses nothing but standard tools. First it takes a valid, verifiable program and uses APKTool to decompile it. The program can then be recompiled with added files that carry the payload code, which does whatever it wants if the original app has root privileges. The new APK file can then be loaded onto an Android device without the new files being checked against the signature.

The reason this happens is that when the system requests the object corresponding to the key, only one object is returned, even if there are two. If the first object is the file that validates correctly, then the second version of the same file isn't checked at all. It is as if the valid files are used to mask the presence of the modified files. The second file in the APK is installed even though it is the first that is checked.

This is a serious security problem and it could be exploited, but it is a very silly mistake rather than a deep flaw within the security of the OS. Clearly the solution is to make the signature check process all of the files in the APK even if there are duplicates - or perhaps more simply disallow duplicates.
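The "disallow duplicates" check suggested above, as an added example that is not from the article or from Android's own code. It treats the APK as a ZIP archive; the function names and the sample archive with placeholder contents are constructed for illustration.

```python
import io
import warnings
import zipfile
from collections import Counter


def entry_counts(apk_bytes):
    """Count how often each entry name occurs in the archive's directory."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return Counter(info.filename for info in zf.infolist())


def duplicate_entries(apk_bytes):
    """Return {name: count} for names that appear more than once."""
    return {n: c for n, c in entry_counts(apk_bytes).items() if c > 1}


def name_keyed_view(apk_bytes):
    """Model a lookup keyed by name: only one object survives per key."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {info.filename: zf.read(info) for info in zf.infolist()}


def reject_duplicates(apk_bytes):
    """The 'disallow duplicates' fix: refuse the archive outright."""
    dups = duplicate_entries(apk_bytes)
    if dups:
        raise ValueError(f"duplicate entry names: {sorted(dups)}")
    return True


def build_sample(duplicate):
    """Constructed test archive with placeholder contents (not a real APK)."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", UserWarning)  # zipfile warns on repeats
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("AndroidManifest.xml", b"<manifest/>")
            zf.writestr("classes.dex", b"ORIGINAL")
            if duplicate:
                zf.writestr("classes.dex", b"ALTERED")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(duplicate=True)
    print("entries in archive:", sum(entry_counts(sample).values()))
    print("entries a name-keyed map sees:", len(name_keyed_view(sample)))
    print("duplicates:", duplicate_entries(sample))
```

The gap between the archive's entry count and the size of the name-keyed map is the masking effect: any check that walks the map never sees one of the two files.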

Some OEMs, for example Samsung, are already shipping the fix, including to Google Nexus devices.

Last Updated ( Wednesday, 10 July 2013 )
 
 

   
Copyright © 2016 i-programmer.info. All Rights Reserved.