Researchers discover bug in Android OS, Google plans on fixing issue soon


Four researchers from Italy’s top universities have identified and fixed a bug, a Denial-of-Service exploit that affects all versions of Google’s Android operating system. Google has said the fix will be included in the next update for Android smartphones and tablets.

Alessandro Armando, Head of the Research Unit “Security & Trust” and coordinator of the Artificial Intelligence Laboratory at the University of Genoa; Alessio Merlo of Telematic University E-Campus; Professor Mauro Migliardi, a coordinator at the University of Padova; and Luke Verderame, a Computer Engineering graduate at the University of Genoa, made the discovery, which was noted in a research paper (PDF) hosted on a University of Genoa website.

It was found that the bug allows a malicious application to force the system to fork an unbounded number of processes, thereby mounting a Denial-of-Service (DoS) attack that forces the device into a state of complete unresponsiveness.

The test application was used on a number of smartphones, including the LG Optimus One, and on different tablets, including the Samsung Galaxy Tab. The Optimus One froze in less than a minute while others — including the Galaxy Tab — froze in under 2 minutes.

The team found and offered two fixes to the problem:

  • Checking if the specific process comes from a ‘legal source’ — one being the System Server
  • Restricting the permissions on the target socket at the Linux layer.
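
The two fixes above, sketched on an ordinary Linux Unix-domain socket as an added example (not code from the research paper or from Android). The socket path, the allow-list of UIDs and all function names are assumptions made for illustration.

```python
import os
import socket
import stat
import struct
import tempfile

def make_command_socket(path, mode=0o660):
    """Fix 2: create the socket with no access for "other" users."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o777 & ~mode)  # set before bind() so the file is never world-writable
    try:
        srv.bind(path)
    finally:
        os.umask(old)
    srv.listen(4)
    return srv

def peer_uid(conn):
    """UID of the connecting process as reported by the kernel (Linux SO_PEERCRED)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    _pid, uid, _gid = struct.unpack("iII", raw)
    return uid

def handle_request(conn, allowed_uids):
    """Fix 1: serve the request only if the caller is a 'legal source'."""
    if peer_uid(conn) not in allowed_uids:
        conn.sendall(b"DENIED")
        return False
    conn.sendall(b"OK")  # a real service would create the process here
    return True

def demo():
    me = os.getuid()
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "cmd.sock")  # hypothetical socket path
        srv = make_command_socket(path)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        # Constructed cases: caller on the allow-list, then caller not on it.
        for allowed in ({me}, {me + 1}):
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
                cli.connect(path)
                conn, _ = srv.accept()
                with conn:
                    served = handle_request(conn, allowed)
                    results.append((served, cli.recv(16)))
        srv.close()
    return mode, results

if __name__ == "__main__":
    print(demo())
```

The credential check relies on values supplied by the kernel, not by the caller, so a client cannot claim to be a privileged process by changing what it sends.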

The fix has been posted to Google, the Open Handset Alliance and the US-CERT. Google is planning to roll out the fix in the next update of its OS on every device.