Android 4.1 Jelly Bean Introduces Industry-Grade Security

Security researcher Jon Oberheide has publicly stated that android 4.1 will be significantly harder to hack and load malware onto. Jelly Bean uses address space layout randomization (ASLR) and Data Execution Prevention (DEP). ASLR randomizes the memory locations for the library, stack, heap, and most other OS data structures. That means hackers won’t know where their malware will actually end up (potentially rendering it useless). Unfortunately the structure of android limits the randomization to only specific areas. If a hacker targets a part that doesn’t get randomized, then your device is still susceptible. DEP tries to stop the malware in the area that doesn’t get randomized by marking those areas as ‘non-executable regions’. If anything tries to run from non-executable regions, it’ll automatically be stopped. Android still needs to implement code signing (checking that code loaded into memory carries a valid digital signature before it can be executed). Apple has implemented all three (ASLR, DEP, CS) in iOS , which is why it’s nearly impenetrable.

Source

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s