A weakness in one of Android’s security features called Address Space Layout Randomization (ASLR) leaves software components vulnerable to attacks that bypass the protection, researchers said.
The goal of the discovery is to help security practitioners identify and understand the future direction of these types of attacks, said Georgia Tech researchers, who will present their findings, entitled “Abusing Performance Optimization Weaknesses to Bypass ASLR,” at Black Hat USA 2014, which will be held August 6-7 in Las Vegas, NV.
The work, carried out at the Georgia Tech Information Security Center (GTISC) by Ph.D. students Byoungyoung Lee and Yeongjin Jang and research scientist Tielei Wang, found that the introduction of performance optimization features can inadvertently harm the security guarantees of an otherwise vetted system. In addition to describing how vulnerabilities originate from such designs, they demonstrate real attacks that exploit them.
Experts previously thought bypassing ASLR using hash table leaks was obsolete due to its complexity. By exhaustively investigating various language implementations and presenting concrete attacks, the research aims to show it is still a valid concern.
“As part of our talk, we’ll present an analysis of the Android Zygote process creation model,” Lee said. “The results show that Zygote weakens ASLR as all applications are created with largely identical memory layouts. To highlight the issue, we’ll show two different ASLR bypass attacks using real applications – Google Chrome and VLC Media Player.”
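The mechanism behind Lee's remark is that Zygote starts every app by forking an already-running process instead of executing a fresh one, so the child inherits the parent's randomized layout. The following added example (not code from the researchers or this article) demonstrates that on any POSIX system: it reads the runtime address of a libc symbol in the parent, in a forked child, and in a freshly exec'd interpreter. The libc name and the `malloc` symbol are assumptions chosen for illustration.

```python
import ctypes
import ctypes.util
import os
import subprocess
import sys

# Assumption: the C library is discoverable via find_library or as libc.so.6.
LIBC_NAME = ctypes.util.find_library("c") or "libc.so.6"


def libc_symbol_address(name="malloc"):
    """Return the address at which this process sees a libc function."""
    libc = ctypes.CDLL(LIBC_NAME)
    return ctypes.cast(getattr(libc, name), ctypes.c_void_p).value


def forked_child_address():
    """Fork without exec, as Zygote does for apps, and report the child's view."""
    read_end, write_end = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: same address space copy, so the address is inherited
        os.close(read_end)
        os.write(write_end, str(libc_symbol_address()).encode())
        os._exit(0)
    os.close(write_end)
    data = os.read(read_end, 64)
    os.close(read_end)
    os.waitpid(pid, 0)
    return int(data)


def fresh_process_address():
    """Fork and exec a new interpreter; the kernel randomizes its layout anew."""
    code = ("import ctypes, ctypes.util;"
            "l = ctypes.CDLL(ctypes.util.find_library('c') or 'libc.so.6');"
            "print(ctypes.cast(l.malloc, ctypes.c_void_p).value)")
    out = subprocess.run([sys.executable, "-c", code],
                         capture_output=True, text=True, check=True)
    return int(out.stdout)


def fork_preserves_layout():
    """True when a forked child shares the parent's randomized layout."""
    return libc_symbol_address() == forked_child_address()


if __name__ == "__main__":
    print("parent  :", hex(libc_symbol_address()))
    print("forked  :", hex(forked_child_address()))   # identical to parent
    print("exec'd  :", hex(fresh_process_address()))  # differs when ASLR is on
```

With ASLR enabled the exec'd process prints a different address on each run, while the forked child always matches the parent, which is exactly the property that makes a single layout leak reusable across Zygote-spawned apps.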