Date:18/07/12
Google's latest Android mobile OS comes with features to divert hackers from installing malware that leads to information leakage, buffer overflows, and memory vulnerabilities.
New features on Google's latest Android mobile OS -- Jelly Bean 4.1 -- beef up the system's security over all other past OS iterations. With Jelly Bean's design, Google has aimed to defend against hacks that install viruses and other malware on mobile devices using the system.
"Android has stepped its game up mitigation-wise in the new Jelly Bean release," security researcher Jon Oberheide wrote in an analysis published this week.
Oberheide notes that the central difference between Jelly Bean and other Android systems is that it incorporates Address Space Layout Randomization (ASLR), which randomizes locations in the devices' memory, along with another security feature called data execution prevention (DEP).
This is crucial because one way hackers tend to break into handsets is via memory corruption bugs, according to Ars Technica, which first reported this news. When ASLR is combined with DEP, these types of attacks can be defeated because hackers cannot locate the malicious code in the device's memory.
Besides ASLR and data execution prevention, Jelly Bean also has defenses against information leakage, buffer overflows, and additional memory vulnerabilities. However, according to Oberheide, Android has not yet added code signing, which would help fortify against unauthorized applications running on the device.
Apple's iOS already has code signing, ASLR, and DEP.
"While Android is still playing a bit of catch-up, other mobile platforms are moving ahead with more innovation exploit mitigation techniques, such as the in-kernel ASLR present in Apple's iOS 6," Oberheide wrote in the analysis.
"One could claim that iOS is being proactive with such techniques, but in reality, they're simply being reactive to the type of exploits that typically target the iOS platform. However, Apple does deserve credit for raising the barrier up to the point of kernel exploitation by employing effective userspace mitigations such NX, ASLR, and mandatory code signing."
Android's Jelly Bean aims to be hard to hack
Google's latest Android mobile OS comes with features to divert hackers from installing malware that leads to information leakage, buffer overflows, and memory vulnerabilities.New features on Google's latest Android mobile OS -- Jelly Bean 4.1 -- beef up the system's security over all other past OS iterations. With Jelly Bean's design, Google has aimed to defend against hacks that install viruses and other malware on mobile devices using the system.
"Android has stepped its game up mitigation-wise in the new Jelly Bean release," security researcher Jon Oberheide wrote in an analysis published this week.
Oberheide notes that the central difference between Jelly Bean and other Android systems is that it incorporates Address Space Layout Randomization (ASLR), which randomizes locations in the devices' memory, along with another security feature called data execution prevention (DEP).
This is crucial because one way hackers tend to break into handsets is via memory corruption bugs, according to Ars Technica, which first reported this news. When ASLR is combined with DEP, these types of attacks can be defeated because hackers cannot locate the malicious code in the device's memory.
Besides ASLR and data execution prevention, Jelly Bean also has defenses against information leakage, buffer overflows, and additional memory vulnerabilities. However, according to Oberheide, Android has not yet added code signing, which would help fortify against unauthorized applications running on the device.
Apple's iOS already has code signing, ASLR, and DEP.
"While Android is still playing a bit of catch-up, other mobile platforms are moving ahead with more innovation exploit mitigation techniques, such as the in-kernel ASLR present in Apple's iOS 6," Oberheide wrote in the analysis.
"One could claim that iOS is being proactive with such techniques, but in reality, they're simply being reactive to the type of exploits that typically target the iOS platform. However, Apple does deserve credit for raising the barrier up to the point of kernel exploitation by employing effective userspace mitigations such NX, ASLR, and mandatory code signing."
Views: 1083
©ictnews.az. All rights reserved.
Similar news
- Analysis: New Internet rules will spawn battle for "dots"
- Global software market to bounce back in 2011
- Gartner: Top security vendors are losing market share
- UK health firm signs £1.3m deal for new financial management software
- Suspected LulzSec and Anonymous members arrested in UK
- Dutch study possible Iran hacking of government web sites
- Turkish net hijack hits big name websites
- Coverity software testing package ensures search for God Particle stays on track
- Progress Revolution 2011: IT must focus on adaptability
- French Postal Service Implements Cameleon Software
- Microsoft targets $520bn intelligent device market with next version of Windows Embedded
- Increase in Azerbaijani software market hits 25 percent in 2011
- Microsoft shuffles execs to better manage Windows 8, smartphone ops
- Adobe Q4 profit falls 35%
- Worldwide Database and Data Integration Software Market Expected to Grow 11.6% in 2011, According to IDC
