idw – Informationsdienst Wissenschaft

Nachrichten, Termine, Experten

Grafik: idw-Logo
Grafik: idw-Logo

idw - Informationsdienst
Wissenschaft

Science Video Project
idw-Abo

idw-News App:

AppStore

Google Play Store



Instanz:
Teilen: 
16.08.2024 10:43

Numerous Manufacturers Use Insecure Android Kernels

Falko Schoklitsch Kommunikation und Marketing
Technische Universität Graz

    In an analysis of smartphones of ten manufacturers, researchers at TU Graz have found that the Android kernels used are vulnerable to known attacks – so-called one-day exploits – despite existing protection mechanisms.

    Smartphones are a constant companion and important work tool for many people. In addition to contacts, appointments and emails, the devices are increasingly being used for sensitive tasks such as online banking or official matters. This increases the safety requirements. As Lukas Maar, Florian Draschbacher, Lukas Lamster and Stefan Mangard from the Institute of Applied Information Processing and Communications at Graz University of Technology (TU Graz) have discovered in a comprehensive analysis of the Android kernels of the ten largest and most well-known smartphone manufacturers, there are numerous flaws here that allow one-day exploits using already known attack methods. The researchers presented their findings on 15 August at the Usenix Security Symposium in Philadelphia, USA (https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf).

    Depending on the manufacturer and model, only between 29 and 55 per cent of the 994 smartphones tested by the research team were able to prevent attacks. In contrast, the Generic Kernel Image (GKI) version 6.1 provided by Google would be able to prevent around 85 per cent of attacks. Compared to the GKI, the manufacturer kernels performed up to 4.6 times worse in defending against attacks. The research team analysed devices from these manufacturers that came onto the market between 2018 and 2023 (listing from the most secure to the least secure): Google, Realme, OnePlus, Xiaomi, Vivo, Samsung, Motorola, Huawei, Oppo und Fairphone. The Android versions used on these smartphones ranged from versions 9 to 14, while the kernels covered the range from versions 3.10 to 6.1, with manufacturers who rely on lower kernel versions also offering less security.

    Effective defence mechanisms rarely activated

    Another key point of the analysis is that there are already effective defences for a number of the known attack methods, but they are either rarely activated in the manufacturers’ kernels or the kernels are configured incorrectly. As a result, even kernel version 3.1 from 2014 with all security measures activated could provide better protection against known attacks than around 38 per cent of the kernels configured by the manufacturers themselves. The researchers also found that manufacturers’ low-end models were around 24 per cent more at risk than high-end models. One important reason for this is the loss of performance that additional security measures can cause, which is why they are often deactivated in low-end models to conserve resources.

    “We hope that our results will help to ensure that more effective security measures can be found in manufacturers’ kernels in the future, making Android more secure,” says Lukas Maar. “We also shared our analysis with the manufacturers investigated and Google, Fairphone, Motorola, Huawei and Samsung have taken note – some have even released patches. We have also suggested that Google update the Android Compatibility Definition Document (CDD), which sets out the framework of requirements for devices to be compatible with Android. Google itself has emphasised that it is aware of the problem and wants to strengthen the integration of kernel security measures step by step. However, it is up to the manufacturers whether they want to sacrifice performance for this.”

    This project was funded by the Austrian Research Promotion Agency (FFG) as part of the SEIZE project and is part of the Field of Expertise “Information, Communication & Computing”, one of the five strategic focus areas at TU Graz.


    Wissenschaftliche Ansprechpartner:

    Lukas MAAR
    Dipl.-Ing., BSc, BSc.
    TU Graz | Institute of Applied Information Processing and Communications
    Tel.: +43 316 873 5578
    lukas.maar@tugraz.at


    Originalpublikation:

    Defects-in-Depth: Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf


    Bilder

    The kernels of many Android smartphones are not as secure as they could be.
    The kernels of many Android smartphones are not as secure as they could be.
    Helmut Lunghammer
    Lunghammer - TU Graz


    Merkmale dieser Pressemitteilung:
    Journalisten, Wirtschaftsvertreter, jedermann
    Informationstechnik
    überregional
    Buntes aus der Wissenschaft, Wissenschaftliche Publikationen
    Englisch


     

    Hilfe

    Die Suche / Erweiterte Suche im idw-Archiv
    Verknüpfungen

    Sie können Suchbegriffe mit und, oder und / oder nicht verknüpfen, z. B. Philo nicht logie.

    Klammern

    Verknüpfungen können Sie mit Klammern voneinander trennen, z. B. (Philo nicht logie) oder (Psycho und logie).

    Wortgruppen

    Zusammenhängende Worte werden als Wortgruppe gesucht, wenn Sie sie in Anführungsstriche setzen, z. B. „Bundesrepublik Deutschland“.

    Auswahlkriterien

    Die Erweiterte Suche können Sie auch nutzen, ohne Suchbegriffe einzugeben. Sie orientiert sich dann an den Kriterien, die Sie ausgewählt haben (z. B. nach dem Land oder dem Sachgebiet).

    Haben Sie in einer Kategorie kein Kriterium ausgewählt, wird die gesamte Kategorie durchsucht (z.B. alle Sachgebiete oder alle Länder).