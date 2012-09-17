from the you-wash-my-back... dept.
Submitted via IRC for SoyCow1937
A team of Oxford and Cambridge researchers is the latest to join a chorus of voices sounding the alarm on a new attack vector named Intra-Library Collusion (ILC) that could make identifying Android malware much harder in the upcoming future.
The research team has described the ILC attack vector in a research paper released last month and named "Intra-Library Collusion: A Potential Privacy Nightmare on Smartphones."
An ILC attack relies on threat actors using libraries to deliver malicious code, instead of standalone Android apps packed with all the malicious commands.
Apps usually require permissions for all the operations they need to perform. An ILC attack relies on spreading the malicious actions across several apps that use the same library(ies).
Each app gets different permissions, and malicious code packed in one app could use shared code from other apps — with higher privileges — to carry out malicious operations.
The advantage — for malware authors — is that investigators analyzing a compromised devices would see the breadth of malicious activities, but would exclude certain apps as the infection's source because they do not possess all the permissions needed to execute the attack.
Source: https://www.bleepingcomputer.com/news/security/intra-library-collusion-attacks-open-the-door-for-a-whole-new-kind-of-android-malware/
(Score: 0) by Anonymous Coward on Tuesday September 12, @03:54PM
There's nothing about Malware that is in any way interesting; it's the most rudimentary stuff ever—that's why our view of the malware hacker is a slobbish teenager in Eastern Europe, rather than a monocled mad scientist with crazy hair; a child could figure out most of these exploits.
Software SUCKS. It's the worst; everybody lauds the low barrier to entry (if you've got a computer, you can code), but that is exactly the reason why everything is horrible. Just whip open any software project's source in an editor, and you'll be presented immediately with trash.
As much as possible, don't use other people's software, and if you do, jail that junk.
Reply to This
(Score: 1) by fustakrakich on Tuesday September 12, @03:59PM (4 children)
All apps should be statically linked and fully isolated from each other. Sure, it takes up more space, but that really isn't an issue anymore.
This (the 1st comment) convinced me to sign up [soylentnews.org]
Reply to This
(Score: 1, Informative) by Anonymous Coward on Tuesday September 12, @04:17PM (3 children)
It doesn't sound like a problem related to dynamic linking.
The issue seems to be that some forms of library calls on android can cross privilege boundaries, allowing an app with less privileges to call functions in a library with more privileges, and the library operations work with elevated privileges. This seems like a broken by design security model.
Libraries (dynamic or otherwise) on normal operating systems don't work this way.
Reply to This
Parent
(Score: 0) by Anonymous Coward on Tuesday September 12, @04:32PM
How can it be that a multi-billion-dollar organization that employs for Big Bucks almost exclusively the creme-de-la-creme of the intelligentsia can produce such obvious flaws? HOW?!
I've spent much time around those "smart" people; they're not that smart—or, perhaps more accurately: They don't give a fuck; it doesn't tickle them to make something well, but rather it tickles them to make other people feel that they've made something well, especially for money. It's all junk.
Reply to This
Parent
(Score: 0) by Anonymous Coward on Tuesday September 12, @04:33PM
But it *is* related to dynamic linking. It's because the library is used by app A which has permission set P1 as well as app B which has permission set P2, thus giving the library L the permission set (P1 + P2). *that* is exactly the problem.
You're right on spot there... "on NORMAL operating systems"...
Reply to This
Parent
(Score: 0) by Anonymous Coward on Tuesday September 12, @04:43PM
This.
It's not the linking that's the problem, its the uncontrolled communication channel between the app with privileges to read the private data and the app with privileges to expatriate it. This hack goes through an extra library, but it could go through any superstitiously shared memory area - photo metadata or anything else that sounds innocent enough.
Reply to This
Parent
(Score: 1, Funny) by Anonymous Coward on Tuesday September 12, @04:24PM (1 child)
From TFA:
I'm so glad this only affects the upcoming future. It would be so much worse if this was a threat in the previous future too! The Android folks are clearly on our side!
Or is the author [bleepingcomputer.com] of TFA just a moron?
Reply to This
(Score: 0) by Anonymous Coward on Tuesday September 12, @04:28PM
https://www.google.com/search?q=%22in+the+upcoming+future%22 [google.com]
Reply to This
Parent
(Score: 2) by bob_super on Tuesday September 12, @04:45PM
So, if you download the hairspray app and the deodorant app, when you start using the makeup app, you die laughing?
Reply to This
(Score: 0) by Anonymous Coward on Tuesday September 12, @04:50PM
Shouldn't library code always run with the privileges of the application calling it?
Reply to This