Android Security Hole More Stupid Error Than Defect
Written by Harry Fairhead   
Wednesday, 10 July 2013

The news has been full of scare stories about how a security hole found in the Android operating system could lead to malware taking over almost any device. The claims aren't too wild, but what is really interesting is that, rather than being due to some deep-seated flaw in the security system, the cause can only be described as a stupid error.


One of the key protection mechanisms in Android is that code is signed. When an Android application is installed, its cryptographic signature is checked to make sure it is the real thing and hasn't been tampered with. This is fairly standard security, but a flaw was made public last week by Jeff Forristal of Bluebox Security.

The basic claim was that it was possible to change an Android app and have it installed without modifying its signature. The big problem was that the details of the exploit were not to be presented until the Black Hat Briefings in August, so many people have been left wondering what sort of exploit this could be. Could it be that the signature used by Android is vulnerable to modifications of the contents that in some way don't affect the value of the computed signature? If so, this would be a big fail for the crypto implementation.

Now we have a taste of what the issue is really about in the form of a demo script that aims to prove the exploit is practical. The script, created by Pau Oliva Fora, uses nothing but standard tools. First it takes a valid, verifiable program and uses APKTool to decompile it. Then you can recompile it, adding new files that carry the payload code, which can do whatever it wants if the original app has root privileges. The new APK file can then be loaded onto an Android device without the new files being checked against the signature.

The reason this happens is that when the system requests the object corresponding to a key, only one object is returned, even if there are two. If the first object is the file that validates correctly, then the second version of the same file isn't checked at all. It is as if the valid files are used to mask the presence of the modified files. The second file in the APK is installed even though it is the first that is checked.

This is a serious security problem and it could be exploited, but it is a very silly mistake rather than a deep flaw within the security of the OS. Clearly the solution is to make the signature check process all of the files in the APK even if there are duplicates - or perhaps more simply disallow duplicates.
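The check the fix calls for can be sketched as follows. This is an added example, not code from the article, the demo script or Android: it uses Python's `zipfile` module as a stand-in for an archive reader, and the entry names and contents are constructed, hypothetical sample data. It shows that a by-name lookup returns a single object while a walk over every archive record exposes the duplicate, which is then rejected.

```python
import io
import warnings
import zipfile
from collections import Counter


def _open(apk):
    """Open an APK/ZIP given as a path, a file object or raw bytes."""
    return zipfile.ZipFile(io.BytesIO(apk) if isinstance(apk, bytes) else apk)


def duplicate_entries(apk):
    """Return {name: count} for each entry name that occurs more than once.

    infolist() yields every central-directory record, so repeated names stay
    visible here, unlike in a lookup keyed by name.
    """
    with _open(apk) as zf:
        counts = Counter(info.filename for info in zf.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def lookup_by_name(apk, name):
    """Read an entry by name; only one object comes back even if two exist."""
    with _open(apk) as zf:
        return zf.read(name)


def accept_archive(apk):
    """The article's simpler fix as a policy: disallow duplicate names."""
    return not duplicate_entries(apk)


def build_sample(entries):
    """Build a constructed in-memory archive from (name, data) pairs."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", UserWarning)  # zipfile warns on repeats
        with zipfile.ZipFile(buf, "w") as zf:
            for name, data in entries:
                zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample inputs (hypothetical entry names, harmless contents).
CLEAN = build_sample([("assets/data.bin", b"first"), ("assets/other.bin", b"x")])
DUPED = build_sample([("assets/data.bin", b"first"), ("assets/data.bin", b"second")])

if __name__ == "__main__":
    for label, apk in (("clean", CLEAN), ("duplicated", DUPED)):
        print(label, duplicate_entries(apk), "accepted:", accept_archive(apk))
    print("by-name lookup sees:", lookup_by_name(DUPED, "assets/data.bin"))
```

Which of the two entries a by-name lookup returns depends on the reader; the point is that a verifier and an installer that resolve the same name differently end up looking at different bytes.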

Some OEMs are already shipping the fix, for example Samsung, including to Google Nexus devices.

Last Updated ( Wednesday, 10 July 2013 )
 
 

   
Copyright © 2014 i-programmer.info. All Rights Reserved.