Title :
Two vulnerabilities in Android OS kernel
Author :
Xiali Hei ; Xiaojiang Du ; Shan Lin
Author_Institution :
Dept. of Comput. & Inf. Sci., Temple Univ., Philadelphia, PA, USA
Abstract :
Android Honeycomb operating system is widely used for tablet devices, such as Samsung Galaxy Tab. The Android system programs are usually efficient and secure in memory management. However, there has been a few security issues reported that show Android´s insufficient protection to the kernel. In this work, we reveal a new security pitfall in memory management that can cause severe errors and even system failures. Existing security software for android do not detect this pitfall, due to the private implementation of Android kernel. We then discuss two vulnerabilities introduced by this pitfall: 1) malicious programs can escalate the root-level privilege of a process, through which it can disable the security software, implant malicious codes and install rootkits in the kernel; 2) deny of service attacks can be launched. Experiments have been conducted to verify these two vulnerabilities on Samsung Galaxy Tab 10.1 with Tegra 2 CPU. To protect systems from these vulnerabilities, we proposed a patching solution, which has been adopted by Google.
Keywords :
operating system kernels; security of data; smart phones; storage management; Android OS kernel; Android honeycomb operating system; Android system programs; Samsung Galaxy Tab 10.1; Tegra 2 CPU; memory management; security pitfall; security software; service attacks; system failures; tablet devices; Androids; Humanoid robots; Kernel; Linux; Malware; Smart phones; Android Honeycomb OS; DoS; Kernel privileges elevating; Nvidia Tegra;
Conference_Titel :
Communications (ICC), 2013 IEEE International Conference on
Conference_Location :
Budapest
DOI :
10.1109/ICC.2013.6655583
