Jelly Bean Beefs-Up Android Security


For all the new features and changes we can see in Android 4.1 Jelly Bean, there’s also some major progress going on behind the scenes that isn’t immediately apparent to the user. Security researchers have been taking a look at some of the improvements Google’s made to Android’s security in Jelly Bean, and discovered that the Address Space Layout Randomization Google introduced in Ice Cream Sandwich has matured into a much more resilient tool against malware.

ASLR, in a nutshell, helps to increase system security by making the platform less predictable to an attacker. Think of it as the difference between a thief with full blueprints, photos, and security specs for a museum he intends to rob, versus one who goes into the job without having any familiarity with the place. Without ASLR, the locations of certain data segments in memory can be predicted, and subsequently taken advantage of with minimal difficulty. If malware can’t even figure out where the values it needs to manipulate are in memory, it becomes a whole lot more difficult for it to do anything nasty.

The first pieces of ASLR came into place with Ice Cream Sandwich, but the implementation was lacking in a few key areas. That’s where Jelly Bean steps-up to help complete the defense, adding support for Position Independent Executables, heap randomization, and making the custom Android linker relocatable in memory. Combined with the earlier ASLR efforts, these steps help fortify Android against attacks. We’re sure that resourceful hackers will come up with ways to challenge even these countermeasures, but for now it looks like they’ll have their work cut out for them.

Source: Duo Security
Via: Coolsmartphone

Share This Post
What's your reaction?
Love It
Like It
Want It
Had It
Hated It
About The Author
Stephen Schenck

Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen’s first mobile device was a 624 MHz Dell Axim X30, which he’s convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he’s not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits

Read more about Stephen Schenck!