Italian researchers have uncovered an Android vulnerability which could render a device unusable through a DoS attack
A malicious application targets the Zygote socket in the OS’s Linux layer and repeatedly asks the system to fork: each request spawns a dummy process, and the flood of such processes eventually uses up all of the device’s memory.
Perpetual Denial of Service
Alessandro Armando, Alessio Merlo, Luca Verderame, all from the University of Genoa, and Mauro Migliardi, from the University of Padova, tested the exploit on rooted and stock manufacturers’ versions of Android across various devices, including the LG Optimus One, the Samsung Galaxy Tab 7.1 and the HTC Desire HD.
Using the DoSChecker application, low-memory devices like the Optimus One crashed within a minute, while the Galaxy Tab lasted two. The team noted that while the DoS attack was occurring “users experience a progressive reduction of the system responsiveness that ends with the system crash and reboot.”
After the device crashes, it attempts to reboot, but the researchers note that a genuine attacker could engineer malware to run DoSChecker as a boot service, forcing the device to continually crash and reboot. The fix for this situation would require the user to manually detect and uninstall the offending application with an adb tool or by reflashing the device.
In addition to the older versions of Android, the researchers tested versions 4.0 and 4.0.3 using emulated devices, achieving the same results.
Two countermeasures against the vulnerability are suggested:
“1. Zygote process fix. This fix consists of checking whether the fork request to the Zygote process comes from a legal source (at present, only the System server, although our patch is trivially adaptable to future developments).
“2. Zygote socket fix. This fix restricts the permissions on the Zygote socket at the Linux layer.”
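The two countermeasures quoted above are both ordinary Unix-domain-socket hygiene, and they can be shown on any Linux box without Android. The following C program is an added illustration, not the researchers’ patch or Android’s own code: it assumes Linux (it relies on SO_PEERCRED), and the socket path, the function names and the allowed UID passed in by the caller are all placeholders chosen for the example. The first function refuses a “fork” request unless the peer on the socket runs as the expected UID (countermeasure 1); the second creates the listening socket so that its filesystem node is mode 0660, so processes under unrelated UIDs cannot connect at all (countermeasure 2).

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Countermeasure 1 (illustrative): accept a request only if the peer on the
 * Unix-domain socket runs as the expected UID. On a real system the allowed
 * UID would be that of the privileged service (the System server, per the
 * paper); here the caller passes it in. Returns 1 if allowed, 0 if not,
 * -1 if the credentials could not be read. */
int peer_is_allowed(int sockfd, uid_t allowed_uid) {
    struct ucred cred;
    socklen_t len = sizeof(cred);
    if (getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0)
        return -1;
    return cred.uid == allowed_uid ? 1 : 0;
}

/* A simulated request handler: the request arriving on `conn` is served only
 * if the peer passes the UID check. Returns 1 if it would proceed to fork,
 * 0 if it is refused. */
int handle_fork_request(int conn, uid_t allowed_uid) {
    if (peer_is_allowed(conn, allowed_uid) != 1)
        return 0;  /* refused: not from the privileged caller */
    return 1;      /* would now fork the requested process */
}

/* Countermeasure 2 (illustrative): create a listening Unix-domain socket whose
 * filesystem node is accessible only to its owner and group (mode 0660).
 * The umask keeps the node from ever being world-accessible between bind()
 * and chmod(). Returns the listening fd, or -1 on error. */
int create_restricted_socket(const char *path) {
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_un addr;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
    unlink(path);                 /* remove a stale node from an earlier run */
    mode_t old = umask(0077);
    int rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    umask(old);
    if (rc < 0 || chmod(path, 0660) < 0 || listen(fd, 8) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Report the permission bits of the socket node, for verification. */
int socket_node_mode(const char *path) {
    struct stat st;
    if (stat(path, &st) < 0) return -1;
    return (int)(st.st_mode & 0777);
}

/* Self-check helper: build a socketpair (both ends belong to this process, so
 * the peer UID is our own) and run the UID check against either our own UID
 * or a deliberately different one. Returns the handler's verdict. */
int selftest_peer_check(int use_own_uid) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    uid_t uid = use_own_uid ? getuid() : getuid() + 1;
    int verdict = handle_fork_request(sv[0], uid);
    close(sv[0]);
    close(sv[1]);
    return verdict;
}

int main(void) {
    const char *path = "/tmp/zygote_demo.sock";   /* placeholder path */
    printf("peer with expected UID   -> served:  %d\n", selftest_peer_check(1));
    printf("peer with other UID      -> served:  %d\n", selftest_peer_check(0));
    int lfd = create_restricted_socket(path);
    if (lfd < 0) { perror("create_restricted_socket"); return 1; }
    printf("socket node mode: %04o\n", socket_node_mode(path));
    close(lfd);
    unlink(path);
    return 0;
}
```

The two checks are complementary: the permission bits stop unprivileged callers before they reach the service, and the SO_PEERCRED check catches anything that gets a connection anyway, for example through a file descriptor passed from a more privileged process.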
Both countermeasures are described as working in the emulator and on the actual devices, and the researchers have reported the exploit and fixes to the Android security team.
The Next Web reports that due to the potentially huge danger presented by the vulnerability, Google will be using one of the fixes laid out in the paper as part of the next Android update.