Android Security Hole More Stupid Error Than Defect
Written by Harry Fairhead   
Wednesday, 10 July 2013

The news has been full of scare stories about how a security hole found in the Android operating system could lead to malware taking over almost any device. The claims aren't too wild, but what is really interesting is that, rather than being due to some deep-seated flaw in the security system, the cause can only be described as a stupid error.


One of the key protection mechanisms in Android is that code is signed. When an Android application is installed, its cryptographic signature is checked to make sure it is the real thing and hasn't been tampered with. This is fairly standard security, but a flaw was made public last week by Jeff Forristal, of Bluebox Security.

The basic claim was that it was possible to change an Android app and have it installed without modifying its signature. The big problem was that the details of the exploit were to be presented at the Black Hat Briefings in August, so many people have been left wondering what sort of exploit this could be. Could it be that the signature used by Android is vulnerable to modifications of the contents that in some way don't affect the value of the computed signature? If so, this would be a big fail for the crypto implementation.

Now we have a taste of what the issue really is all about in the form of a demo script, which aims at proving that the exploit is practical. The script, created by Pau Oliva Fora, uses nothing but standard tools. First it takes a valid verifiable program and uses the APKTool to decompile it. Then you can recompile it adding new files that carry the payload code that does whatever it wants if the original app has root privileges. The new APK file can then be loaded into an Android device without the new files being checked against the signature.

The reason this happens is that when the system requests the object corresponding to a key, here a file name within the APK, only one object is returned, even if there are two with that name. If the first object is the file that validates correctly, then the second version of the same file isn't checked at all. It is as if the valid files are used to mask the presence of the modified files. The second file in the APK is installed even though it is the first that is checked.

This is a serious security problem and it could be exploited, but it is a very silly mistake rather than a deep flaw within the security of the OS. Clearly the solution is to make the signature check process all of the files in the APK even if there are duplicates - or perhaps more simply disallow duplicates.
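The "disallow duplicates" check suggested above can be sketched in a few lines. This is an added example, not code from the article, the demo script or Android itself; it models the APK as a ZIP archive using Python's `zipfile`, and the entry names and placeholder contents are constructed samples.

```python
import io
import warnings
import zipfile
from collections import Counter


def duplicate_entries(apk_bytes):
    """Return {name: count} for every entry name that occurs more than once."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        counts = Counter(info.filename for info in zf.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def keyed_vs_actual(apk_bytes):
    """Compare a name-keyed table (one slot per name) with the real entry count."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        entries = zf.infolist()
        by_name = {info.filename: info for info in entries}  # duplicates collapse
    return len(by_name), len(entries)


def check_apk(apk_bytes):
    """Reject the archive outright if any entry name is duplicated."""
    dups = duplicate_entries(apk_bytes)
    if dups:
        raise ValueError("duplicate entries: " + ", ".join(sorted(dups)))
    return True


def build_sample(names):
    """Constructed sample archive with harmless placeholder contents."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns on duplicate names
        with zipfile.ZipFile(buf, "w") as zf:
            for i, name in enumerate(names):
                zf.writestr(name, "placeholder %d" % i)
    return buf.getvalue()


CLEAN = build_sample(["AndroidManifest.xml", "classes.dex"])
DUPLICATED = build_sample(["AndroidManifest.xml", "classes.dex", "classes.dex"])

if __name__ == "__main__":
    print(keyed_vs_actual(DUPLICATED))    # name-keyed view is smaller than the archive
    print(duplicate_entries(DUPLICATED))  # which names are repeated
    print(check_apk(CLEAN))
```

A verifier that iterates over a name-keyed table never sees the collapsed entry, which is why the check counts raw archive entries instead.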

Some OEMs are already shipping the fix, for example Samsung, including to Google Nexus devices.



Last Updated ( Wednesday, 10 July 2013 )
