Jelly Bean Is Hard To Exploit: Serial Hacker


Google’s Android new version, Jelly Bean is hard to exploit, a serial hacker exposed this to ArsTechnica.Users using Jelly bean are more protected to hacker attacks which install malware on devices. Security researcher Jon Oberheide said [quote]Android version 4.1, aka Jelly Bean, is the first version of the Google-developed OS to properly implement a protection known as address space layout randomization.[/quote]

Android ASLR, the executable mapping in the process address space was not randomized in Ice Cream Sandwich, making ROP-style attacks possible but in Jelly Bean most binaries are now compiled/linked with the PIE flag to properly randomize executable mapping when executed. here are some improvements in Jelly bean which streghthen its security prior to old version of Android:

  • PIE (Position Independent Executable) support
  • Read-only relocations / immediate binding (-Wl,-z,relro -Wl,-z,now)
  • dmesg_restrict enabled (avoid leaking kernel addresses)
  • kptr_restrict enabled (avoid leaking kernel addresses)
  • Android is getting there, and Jelly Bean is a major step towards that goal.

Android is getting near Apple’s defense against these hacks, and Jelly Bean is a major step towards security defense.

Via: ArsTechnica

Previous articleClockworkMod Recovery Gets Update
Next articleLG Optimus LTE Series Hits 4 Million Sales
Hi, I am an avid Android fan since its release. Later, I decided to merge my interests in writing and opened up GoAndroid Blog. I love to surf, write, read about new things.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.