Four researchers from Italy’s top universities have identified and fixed a Denial-of-Service bug that affects all versions of Google’s Android operating system. Google has said the fix will be used in the next update for Android smartphones and tablets.
Alessandro Armando, Head of the Research Unit “Security & Trust” and coordinator of the Artificial Intelligence Laboratory at the University of Genoa; Alessio Merlo of Telematic University E-Campus; Professor Mauro Migliardi, a coordinator at the University of Padova; and Luke Verderame, Computer Engineering graduate at the University of Genoa, made the discovery, which was noted in a research paper (PDF) hosted on the University of Genoa’s website.
The bug allows a malicious application to force the system to fork an unbounded number of processes, thereby mounting a Denial-of-Service (DoS) attack that forces the device into a state of complete unresponsiveness.
The test application was used on a number of smartphones, including the LG Optimus One, and on different tablets, including the Samsung Galaxy Tab. The Optimus One froze in less than a minute, while others, including the Galaxy Tab, froze in under 2 minutes.
The team found and offered two fixes to the problem:
- Checking if the specific process comes from a ‘legal source’ — one being the System Server
- Restricting the permissions on the target socket at the Linux layer.
The fix has been posted to Google, the Open Handset Alliance and the US-CERT. Google is planning to roll out the fix in the next update of its OS on every device.