Stagefright Vulnerability in Android Phones
The Stagefright vulnerability for Android phones is a bad one. It is exploitable via a text message (whether it fires without any user action depends on the particular phone's auto-download settings), it runs at an elevated privilege (again, the severity depends on the particular phone—on some phones it is full privilege), and it is trivial to weaponize. Imagine a worm that infects a phone and then immediately sends a copy of itself to everyone in that phone's contact list.
The worst part of this is that it is an Android exploit, so most phones won't be patched anytime soon—if ever. (The people who discovered the bug alerted Google in April. Google has sent patches to its phone manufacturer partners, but most of them have not yet pushed the patch out to Android phone users.)
Thoth • July 28, 2015 6:57 AM
Android OS itself contains millions of lines of code, and some of them are proprietary to the vendors themselves. If the TCB is more than 10K to 20K lines of code, it is not easy to audit. Since the first day of Android's inception, the LOC have been inspected by so many people, and yet so many bugs escape notice; Android is literally the Windows of phones, full of bugs and holes due to its huge codebase.
If Google wants Android to be secure, they should sit down and re-think the entire Android system, which is highly unlikely due to the huge (and immobile) setup and investments. Android's fate is doomed to be like Windows by being so bloated and popular.
The only saving grace is to be daring enough to re-think Android and create a 10K LOC TCB microkernel by Google, verified widely by known security research labs. A mathematically rigid microkernel TCB that is easily verifiable, open and tiny will be needed. Genode and KSyslabs have done good research in this area and have gotten a TCB for Samsung phones (certain models) and ARM chips down (Fiasco.OC TCB + L4Android userland). If Google can leverage and fund this research and incorporate it into future releases, it might help lessen vulnerabilities and hidden bugs.
Samsung, via its KNOX (INTEGRITY HILL on the Secure World side as the OS?), and Apple, via its Secure Enclave (using a modified L4 on the Secure World side), have made progress in hardware, OS and software security, but more testing is needed on KNOX and the Secure Enclave, which can be hard due to their proprietary nature.
Fall back to the Genode and Ksyslabs TCB, I guess?