Saturday , August 19 2017

CONFIG_KEYS vulnerability – How vulnerable are you?


A recently discovered vulnerability in the Linux kernel (which runs at the heart of Android) might leave some devices susceptible to exploitation, though from what we understand, the risk is minimal. For those interested in finding out a little more, let’s carry on. This vulnerability was announced and confirmed by Perception Point and, while it is a kernel vulnerability, it could potentially be exploited by a malicious app.

What’s the issue?

Speaking in the simplest of terms (without deliberately being patronising), if this exploit is somehow run successfully in an app on your device, the app would then be able to escalate itself to root privileges and consequently do whatever the heck it is programmed to do from there. That could be anything from grabbing snippets of personal data through to enslaving your device as part of a botnet. Essentially, once an app has root privileges, there are basically no boundaries.

How does this happen?

First and foremost, you’ll need to get a malicious app on your device that is allowed to run for an extended period of time at high CPU load. In testing, the exploit takes around half an hour to execute on a high-powered, desktop-class CPU (Intel Core i7-5500 to be precise). Because a significant number of instructions must be executed by the CPU to potentially trigger this vulnerability (about 4.2 billion, in fact), the chances of a malicious app being able to successfully execute this exploit are minimal to non-existent.

Am I at risk?

The short answer is no.

Versions of Android earlier than Android 5.0 are already safe, and newer versions of Android with SELinux set to Enforcing (later Lollipop and Marshmallow) are extremely unlikely to be targeted, or to even be vulnerable. For those devices that could be vulnerable (primarily running early Lollipop builds), most probably won’t be, because Google recommends that Android’s Linux Kernel is built with CONFIG_KEYS turned off, so most devices simply won’t be susceptible.
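The three conditions above (Android version, SELinux mode, and whether the kernel was built with CONFIG_KEYS) can be checked directly. The script below is an added example, not code from the article or from Perception Point; the function names `config_keys_state` and `triage` and the sample config files are hypothetical and constructed for illustration. It encodes only this article's criteria and is not a vulnerability test.

```shell
#!/bin/sh
# Added example: triage using the article's three criteria only.

# Print enabled / disabled / unknown for CONFIG_KEYS in a kernel config file.
# The match is anchored so CONFIG_KEYS_DEBUG_PROC_KEYS is not mistaken for it.
config_keys_state() {
    if grep -Eq '^CONFIG_KEYS=y$' "$1"; then
        echo enabled
    elif grep -Eq '^# CONFIG_KEYS is not set$' "$1"; then
        echo disabled
    else
        echo unknown   # option not mentioned; treated conservatively below
    fi
}

# triage <android major version> <getenforce output> <config_keys_state output>
triage() {
    if [ "$1" -lt 5 ]; then
        echo "not affected: Android earlier than 5.0"
    elif [ "$3" = disabled ]; then
        echo "not affected: kernel built without CONFIG_KEYS"
    elif [ "$2" = Enforcing ]; then
        echo "unlikely: SELinux is Enforcing"
    else
        echo "possibly exposed: install the vendor OTA patch"
    fi
}

# Constructed sample configs standing in for a real kernel config.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf '%s\n' 'CONFIG_KEYS=y' 'CONFIG_KEYS_DEBUG_PROC_KEYS=y' > "$sample_dir/keys_on"
printf '%s\n' '# CONFIG_KEYS is not set' 'CONFIG_SECURITY_SELINUX=y' > "$sample_dir/keys_off"

# On a device the inputs would come from:
#   getprop ro.build.version.release   (use the major version number)
#   getenforce
#   zcat /proc/config.gz               (present only if the kernel exposes it)
triage 5 Permissive "$(config_keys_state "$sample_dir/keys_on")"
triage 6 Enforcing  "$(config_keys_state "$sample_dir/keys_on")"
triage 5 Permissive "$(config_keys_state "$sample_dir/keys_off")"
```

An `unknown` config state falls through to the SELinux check, so a device whose kernel config cannot be read is only reported as unlikely or not affected on the strength of the other two criteria.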

Should I worry?

Not really. You should be more concerned if you run Linux on your desktop or if you have Linux servers, but if you’re just using an Android phone, this really isn’t much of a risk to you.

If you have somehow installed a malicious app and you notice your phone becoming increasingly warm, and battery life decreasing more rapidly, it is possible that some rogue process is trying to pull off some sort of exploit on your device (though, more likely, it’ll be some innocent app or system process that’s just gone haywire). If you notice your phone doing either of these things, a quick reboot is recommended — if there’s malicious code, it’ll stop it from running, and it’ll have to start again, and if there’s not malicious code and your phone is just having a spaz, it might clear out whatever’s going on.

How do I protect myself?

Given the only way this exploit can be triggered is via an app, the very simple way to protect yourself is to only install apps that are from the Google Play store. There are checks in place; Google are constantly scanning for malicious code through the Play Store and recently banned If you really want to be careful, only install apps that have a good reputation and lots of good feedback. This goes to verify not only the developer as reputable, but also the app in its own right.

If you want to be safe: Do NOT install apps from unknown sources, turn that option off in your security settings and do NOT install apps that are emailed to you. Adhere to these simple rules and you’re almost certainly going to be safe.

TLDR? Don’t panic, it’s another storm in a teacup

A patch has already been released by Google and delivered to all manufacturing partners which they will no doubt incorporate into their next OTA update. So in reality this is another one of the continually growing number of hypothetical exploits that Android devices could be hit by. But a lot of things need to go wrong for you to actually fall victim, so don’t panic.

While it is concerning that these issues are found, it’s taking research labs a lot of time and effort to find them. By the time these exploits are made public, steps have already been taken to mitigate the risk, which says a lot about how good the general security level on Android is. In many ways, it benefits from the security and stability of Linux as well, and so (as is often the case) a lot of things need to go wrong, in order, before anyone is even possibly put at risk.

Is this latest security “scare” for Android concerning you, or are you cautious with your app installations?

 
Source: Perception Point.

Phil Tann   Journalist


2 Comments on "CONFIG_KEYS vulnerability – How vulnerable are you?"

Member

Great article. After reading an “Apocalypse now!! REPENT! REPENT!” type post on the subject the other day, it’s nice to see some reason into the story.

Phil Tann
Valued Guest

Thanks for the feedback
