idw – Informationsdienst Wissenschaft

Nachrichten, Termine, Experten

Grafik: idw-Logo
Science Video Project
idw-Abo

idw-News App:

AppStore

Google Play Store



Instance:
Share on: 
08/16/2024 10:43

Numerous Manufacturers Use Insecure Android Kernels

Falko Schoklitsch Kommunikation und Marketing
Technische Universität Graz

    In an analysis of smartphones of ten manufacturers, researchers at TU Graz have found that the Android kernels used are vulnerable to known attacks – so-called one-day exploits – despite existing protection mechanisms.

    Smartphones are a constant companion and important work tool for many people. In addition to contacts, appointments and emails, the devices are increasingly being used for sensitive tasks such as online banking or official matters. This increases the safety requirements. As Lukas Maar, Florian Draschbacher, Lukas Lamster and Stefan Mangard from the Institute of Applied Information Processing and Communications at Graz University of Technology (TU Graz) have discovered in a comprehensive analysis of the Android kernels of the ten largest and most well-known smartphone manufacturers, there are numerous flaws here that allow one-day exploits using already known attack methods. The researchers presented their findings on 15 August at the Usenix Security Symposium in Philadelphia, USA (https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf).

    Depending on the manufacturer and model, only between 29 and 55 per cent of the 994 smartphones tested by the research team were able to prevent attacks. In contrast, the Generic Kernel Image (GKI) version 6.1 provided by Google would be able to prevent around 85 per cent of attacks. Compared to the GKI, the manufacturer kernels performed up to 4.6 times worse in defending against attacks. The research team analysed devices from these manufacturers that came onto the market between 2018 and 2023 (listing from the most secure to the least secure): Google, Realme, OnePlus, Xiaomi, Vivo, Samsung, Motorola, Huawei, Oppo und Fairphone. The Android versions used on these smartphones ranged from versions 9 to 14, while the kernels covered the range from versions 3.10 to 6.1, with manufacturers who rely on lower kernel versions also offering less security.

    Effective defence mechanisms rarely activated

    Another key point of the analysis is that there are already effective defences for a number of the known attack methods, but they are either rarely activated in the manufacturers’ kernels or the kernels are configured incorrectly. As a result, even kernel version 3.1 from 2014 with all security measures activated could provide better protection against known attacks than around 38 per cent of the kernels configured by the manufacturers themselves. The researchers also found that manufacturers’ low-end models were around 24 per cent more at risk than high-end models. One important reason for this is the loss of performance that additional security measures can cause, which is why they are often deactivated in low-end models to conserve resources.

    “We hope that our results will help to ensure that more effective security measures can be found in manufacturers’ kernels in the future, making Android more secure,” says Lukas Maar. “We also shared our analysis with the manufacturers investigated and Google, Fairphone, Motorola, Huawei and Samsung have taken note – some have even released patches. We have also suggested that Google update the Android Compatibility Definition Document (CDD), which sets out the framework of requirements for devices to be compatible with Android. Google itself has emphasised that it is aware of the problem and wants to strengthen the integration of kernel security measures step by step. However, it is up to the manufacturers whether they want to sacrifice performance for this.”

    This project was funded by the Austrian Research Promotion Agency (FFG) as part of the SEIZE project and is part of the Field of Expertise “Information, Communication & Computing”, one of the five strategic focus areas at TU Graz.


    Contact for scientific information:

    Lukas MAAR
    Dipl.-Ing., BSc, BSc.
    TU Graz | Institute of Applied Information Processing and Communications
    Tel.: +43 316 873 5578
    lukas.maar@tugraz.at


    Original publication:

    Defects-in-Depth: Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf


    Images

    The kernels of many Android smartphones are not as secure as they could be.
    The kernels of many Android smartphones are not as secure as they could be.
    Helmut Lunghammer
    Lunghammer - TU Graz


    Criteria of this press release:
    Business and commerce, Journalists, all interested persons
    Information technology
    transregional, national
    Miscellaneous scientific news/publications, Scientific Publications
    English


     

    The kernels of many Android smartphones are not as secure as they could be.


    For download

    x

    Help

    Search / advanced search of the idw archives
    Combination of search terms

    You can combine search terms with and, or and/or not, e.g. Philo not logy.

    Brackets

    You can use brackets to separate combinations from each other, e.g. (Philo not logy) or (Psycho and logy).

    Phrases

    Coherent groups of words will be located as complete phrases if you put them into quotation marks, e.g. “Federal Republic of Germany”.

    Selection criteria

    You can also use the advanced search without entering search terms. It will then follow the criteria you have selected (e.g. country or subject area).

    If you have not selected any criteria in a given category, the entire category will be searched (e.g. all subject areas or all countries).