Featured Research

from universities, journals, and other organizations

Android vulnerability debugged

Date:
April 12, 2012
Source:
Fondazione Bruno Kessler
Summary:
Researchers have discovered and neutralized a serious vulnerability present in all versions of Android, the popular operating system developed by Google specifically for smartphones and tablet computers. The vulnerability could have been easily exploited by malicious software applications, with the effect of making devices based on Google's operating system currently on the market completely unusable.

A group of Italian researchers have discovered and neutralized a serious vulnerability present in all versions of Android, the popular operating system developed by Google specifically for smartphones and tablet computers. The vulnerability could have been easily exploited by malicious software applications, with the effect of making devices based on Google's operating system currently on the market completely unusable. The solution proved to be effective and will be included in a future update.

The work was conducted by researchers working in various Italian universities and research centers: Prof. Alessandro Armando, Head of the "Security & Trust" Research Unit at the Bruno Kessler Foundation in Trento and coordinator of the DIST's Artificial Intelligence Laboratory at the University of Genoa, prof. Alessio Merlo (Telematic University E-Campus), Prof. Mauro Migliardi (coordinator of the Green Energy Aware Security at the University of Padua) and Luca Verderame (recent graduate in Computer Engineering at the University of Genoa).

The team of researchers promptly reported the vulnerability to Google and to the Android "security team," providing a detailed analysis of related risks. It also designed a solution that was verified by the security team of Android, and that -- given its effectiveness -- will be adopted in a future operating system update.

If it had not been neutralized, the vulnerability discovered by the Italian team would have allowed a malicious application software (malware) to saturate the physical resources of the device, leading to complete blockage of both Android-based smartphones and Tablet computers. An especially insidious problem because this particular application does not require any authorization during installation and would tend to appear harmless to the user.

This research will be published on the proceedings of the "27th IFIP International Information Security and Privacy Conference -- SEC 2012" (Heraklion, Crete, Greece, June 4-6, 2012).

Technical Information

The identified vulnerability is based on a defect in the control of communication between applications and vital components of Android that allows to systematically exhaust the memory resources of the device by the generation of an arbitrarily large number of processes. The fundamental principle of the security of Android is the total separation between the applications (sandboxing) to ensure that each of these cannot affect in any way the operation of the others. The team of Italian researchers showed that this separation is violated in current systems and indicated the solution to be able to restore it.


Story Source:

The above story is based on materials provided by Fondazione Bruno Kessler. Note: Materials may be edited for content and length.


Cite This Page:

Fondazione Bruno Kessler. "Android vulnerability debugged." ScienceDaily. ScienceDaily, 12 April 2012. <www.sciencedaily.com/releases/2012/04/120412105436.htm>.
Fondazione Bruno Kessler. (2012, April 12). Android vulnerability debugged. ScienceDaily. Retrieved October 20, 2014 from www.sciencedaily.com/releases/2012/04/120412105436.htm
Fondazione Bruno Kessler. "Android vulnerability debugged." ScienceDaily. www.sciencedaily.com/releases/2012/04/120412105436.htm (accessed October 20, 2014).

Share This



More Computers & Math News

Monday, October 20, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Facebook Says The DEA's Fake Accounts Go Too Far

Facebook Says The DEA's Fake Accounts Go Too Far

Newsy (Oct. 19, 2014) Facebook says the DEA violated its Terms of Service and that such impersonations damage the integrity of the site. Video provided by Newsy
Powered by NewsLook.com
Court Ruling Means Kids' Online Activity Could Be On Parents

Court Ruling Means Kids' Online Activity Could Be On Parents

Newsy (Oct. 17, 2014) In a ruling attorneys for both sides agreed was a first of its kind, a Georgia appeals court said parents can be held liable for what kids put online. Video provided by Newsy
Powered by NewsLook.com
For Google, Even A $16.5 Billion Earnings Report Is A Miss

For Google, Even A $16.5 Billion Earnings Report Is A Miss

Newsy (Oct. 17, 2014) Analysts were expecting more, but Google’s ad growth slowed on the quarter and the company is spending more of its money. Video provided by Newsy
Powered by NewsLook.com
Obama Signs Cybersecurity Order, Wants Safer Payments

Obama Signs Cybersecurity Order, Wants Safer Payments

Reuters - US Online Video (Oct. 17, 2014) President Barack Obama announces details of a new executive order designed to make federal payments safer following recent massive data breaches. Rough Cut (no reporter narration). Video provided by Reuters
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

Strange & Offbeat Stories


Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins