Mobile, Vulnerability

Jelly Bean difficult to exploit

Charlie Miller, a veteran smartphone hacker and principal research consultant at security firm Accuvant has said that it will be difficult to write exploits for Jelly Bean as it is the first version of Android to include full ASLR and DEP.

http://www.helloandroid.com/files/mobileplugin/180×180/993ce4d985e970050762bc2835cb26b4.png

ASLR randomizes data structure memory locations, and as a result hackers are unable to know in advance where their malicious payloads will be loaded.  Ice Cream Sandwich did offer partial ASLR, but key memory regions were loaded at the same location each time.  This allows hackers to predict where in memory their malicious code can be located.

DEP prevents executing code from a non-executable memory region, so when combined with ASLR our Android devices are becoming more secure than ever.

Advertisements
Standard

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s