Android 4.1 Jelly Bean: First Google OS to Fully Implement ASLR, Makes It Harder For Malware Attacks

Since its inception, the Android platform has been no stranger to malware. While these incidents seem unavoidable at times, Google has committed to fighting these threats with each release of the Android mobile OS. Specifically, with Android 4.1 Jelly Bean the company has moved to a full implementation of ASLR (address space layout randomization) to push back on the exploits that install malware.

ASLR first appeared, in partial form, in Android 4.0 Ice Cream Sandwich. ASLR support in Android 4.0 randomized only select regions of a process's memory and so did not prevent common return-oriented programming (ROP) exploits: the regions left at fixed addresses still gave an attacker reliable locations to build on. Several major areas of the process address space were not randomized at all. Partial ASLR support meant more opportunities for malware.

Thankfully, with the arrival of Jelly Bean that has all changed: binaries are now built as position-independent executables (PIE), and the heap and the linker are randomized as well. Here is what Duo Security researcher Jon Oberheide had to say in a recently published analysis of Android 4.1 Jelly Bean:

“As we mentioned in our previous post on Android ASLR, the executable mapping in the process address space was not randomized in Ice Cream Sandwich, making ROP-style attacks possible using the whole executable as a source of gadgets. In Jelly Bean, most binaries are now compiled/linked with the PIE flag, which means they will be properly randomized when executed.” Oberheide continued to explain, “The custom Android linker was the last piece of the ASLR puzzle that was not randomized in Ice Cream Sandwich. In Jelly Bean, the linker is now randomized in the process address space. This means that the deficiencies in ICS pointed out in our previous blog post have all been addressed in Jelly Bean, giving it full stack, heap/brk, lib/mmap, linker, and executable ASLR.”
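A practical way to verify which of the regions Oberheide lists (stack, heap/brk, lib/mmap, linker, executable) are actually randomized on a given build is to launch the same binary twice and compare the base addresses in its /proc/<pid>/maps. The script below is an added example, not code from the article or from Duo's report; the binary path /system/bin/app and all addresses in the two embedded maps dumps are constructed to mimic an ICS-style system where the executable and linker stay fixed.

```python
import re
from typing import Dict, Optional

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(r"^([0-9a-f]+)-[0-9a-f]+\s+\S{4}\s+\S+\s+\S+\s+\d+\s*(.*)$")
REGIONS = ("stack", "heap", "lib", "linker", "executable")  # the regions named in the article

# Constructed sample: a hypothetical /system/bin/app launched twice on an
# ICS-style system, where only the heap, stack and libc bases move between runs.
ICS_RUN1 = """\
00008000-0000a000 r-xp 00000000 b3:1a 123 /system/bin/app
0172c000-01741000 rw-p 00000000 00:00 0 [heap]
40010000-40020000 r-xp 00000000 b3:1a 456 /system/lib/libc.so
b0001000-b0009000 r-xp 00001000 b3:1a 789 /system/bin/linker
beb3e000-beb5f000 rw-p 00000000 00:00 0 [stack]
"""
ICS_RUN2 = (ICS_RUN1.replace("0172c000-01741000", "01a4e000-01a63000")
            .replace("40010000-40020000", "4009a000-400aa000")
            .replace("beb3e000-beb5f000", "bed70000-bed91000"))

def classify(path: str, exe_path: str) -> Optional[str]:
    """Map a maps-line path onto one of REGIONS, or None if it is irrelevant."""
    named = {"[stack]": "stack", "[heap]": "heap", exe_path: "executable"}
    if path in named:
        return named[path]
    if path.endswith(("/linker", "/linker64")):  # Android's dynamic linker
        return "linker"
    return "lib" if path.endswith(".so") else None

def region_bases(maps_text: str, exe_path: str) -> Dict[str, Optional[int]]:
    """Lowest start address of each region in one maps dump (None if absent)."""
    bases: Dict[str, Optional[int]] = dict.fromkeys(REGIONS)
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        key = classify(m.group(2), exe_path) if m else None
        if key is not None:
            start = int(m.group(1), 16)
            bases[key] = start if bases[key] is None else min(bases[key], start)
    return bases

def randomized_regions(run1: str, run2: str, exe_path: str) -> Dict[str, bool]:
    """True where a region's base differs between two launches, i.e. ASLR took effect."""
    a, b = region_bases(run1, exe_path), region_bases(run2, exe_path)
    return {k: a[k] is not None and b[k] is not None and a[k] != b[k] for k in REGIONS}

if __name__ == "__main__":
    for region, moved in randomized_regions(ICS_RUN1, ICS_RUN2, "/system/bin/app").items():
        print(f"{region:10s} {'randomized' if moved else 'FIXED'}")
```

On a real device the two inputs come from dumping the maps of two separate launches of the same process; a region reported as FIXED is one that an exploit can still rely on.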

So, what does this mean for people like you and me? A mobile OS with fully implemented ASLR is designed to protect consumers against the exploits that install malware on handsets. In essence, this is just another added benefit for anyone using Jelly Bean. While we’re far from a world where malware ceases to exist, this change makes it a little harder for these types of exploits to reach the end user.

Read the full Duo Security report here.

