Android ASLR Weakness Found

Friday, June 20, 2014 @ 04:06 PM gHale


A weakness in one of Android’s security features called Address Space Layout Randomization (ASLR) leaves software components vulnerable to attacks that bypass the protection, researchers said.

The goal of the discovery is to help security practitioners identify and understand the future direction of these types of attacks, said the Georgia Tech researchers, who will present their findings, entitled Abusing Performance Optimization Weaknesses to Bypass ASLR, at Black Hat USA 2014, to be held August 6-7 in Las Vegas, NV.
https://www.blackhat.com/us-14/briefings.html#abusing-performance-optimization-weaknesses-to-bypass-aslr


The work, carried out at the Georgia Tech Information Security Center (GTISC) by Ph.D. students Byoungyoung Lee and Yeongjin Jang and research scientist Tielei Wang, found that introducing performance optimization features can inadvertently weaken the security guarantees of an otherwise vetted system. In addition to describing how vulnerabilities originate from such designs, the researchers demonstrate real attacks that exploit them.

“To optimize object tracking for some programming languages, interpreters for the languages may leak address information,” said Lee, lead researcher for the effort. “As a concrete example, we’ll demonstrate how address information can be leaked in the Safari web browser by simply running some JavaScript.”

Experts previously thought bypassing ASLR using hash table leaks was obsolete due to its complexity. By exhaustively investigating various language implementations and presenting concrete attacks, the research aims to show it is still a valid concern.

“As part of our talk, we’ll present an analysis of the Android Zygote process creation model,” Lee said. “The results show that Zygote weakens ASLR as all applications are created with largely identical memory layouts. To highlight the issue, we’ll show two different ASLR bypass attacks using real applications – Google Chrome and VLC Media Player.”
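To illustrate the Zygote finding quoted above, here is an added example that is not code from the article or from the Georgia Tech researchers: a POSIX C program that records a code, libc, heap and stack address, forks, and checks whether the child sees exactly the same addresses. A fork()ed child inherits its parent's address space, so a fork-based process launcher hands every child the same layout; only a fresh exec() gets a new randomization. The function names are my own.

```c
/* Added example: why fork()-based process creation (the Zygote model)
 * leaves children with an identical memory layout. Assumes POSIX. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* One address from each region ASLR is supposed to randomize. */
struct layout {
    void *text;   /* a function in this binary */
    void *libc;   /* a libc function */
    void *heap;   /* a heap block allocated before the fork */
    void *stack;  /* a local variable */
};

/* noinline keeps 'local' at the same stack depth in parent and child. */
static void __attribute__((noinline)) snapshot(struct layout *l, void *heap_block) {
    int local = 0;
    l->text  = (void *)snapshot;
    l->libc  = (void *)malloc;
    l->heap  = heap_block;
    l->stack = (void *)&local;
}

/* Returns 1 if the child reports the same four addresses as the parent
 * (the situation the article describes for apps forked from Zygote),
 * 0 if any differ, -1 on a system-call failure. */
int layout_identical_after_fork(void) {
    struct layout parent, child;
    int fd[2];
    void *heap_block = malloc(64);
    if (!heap_block || pipe(fd) != 0) return -1;

    snapshot(&parent, heap_block);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Child: send our view of the layout back through the pipe. */
        snapshot(&child, heap_block);
        if (write(fd[1], &child, sizeof child) != (ssize_t)sizeof child) _exit(1);
        _exit(0);
    }
    close(fd[1]);
    ssize_t n = read(fd[0], &child, sizeof child);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    free(heap_block);
    if (n != (ssize_t)sizeof child) return -1;
    return memcmp(&parent, &child, sizeof child) == 0;
}

int main(void) {
    int same = layout_identical_after_fork();
    printf("fork() child shares parent's layout: %s\n",
           same == 1 ? "yes" : same == 0 ? "no" : "error");
    return 0;
}
```

The defensive takeaway is that an address leaked from any one child of such a parent (for example through the interpreter hash-table leak the researchers describe) is valid in every other child, which is why re-randomizing after the fork, rather than relying on the parent's single randomization, matters.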
