Android DOS Holes Patched

Google fixes two flaws in its Android mobile OS that could have been exploited in denial-of-service attacks.


How to Help Your Business Become an AI Early Adopter


Microsoft and T-Mobile aren't the only mobile vendors moving to cope with some unexpected headaches: Google has patched two bugs in version 1.5 of its mobile open source platform, Android.

The software version, codenamed Cupcake, faced two vulnerabilities that could have led to denial-of-service (DoS) attacks, according to researchers at the Open Source Computer Emergency Response Team (oCERT).

One of the vulnerabilities involved Android's SMS management, according to an advisory released by oCERT earlier this week. The flaw allows an attacker to use WAP (Wireless Application Protocol) push messages to disconnect a mobile phone from a cellular network. WAP push messages are typically used to send ringtones, wallpaper and other content to mobile users.

A maliciously coded WAP message can cause the smartphone to reboot without the user's knowledge, which can lead to a temporary loss of connectivity and dropped calls, according to oCERT.

In cases where the phone's SIM (subscriber identity module) is protected by a PIN, users will need to re-enter the PIN to re-establish connectivity, causing longer delays. If the bug is triggered repeatedly, it could result in a denial-of-service condition, oCERT said.

The other DoS vulnerability relied on the API for Android's Dalvik virtual machine.

"A specific malicious application can be crafted so that if it is downloaded and executed by the user, it would trigger the vulnerable API function and restart the system process. The same condition could occur if a developer unintentionally places the vulnerable function in a place where the execution path leads to that function call. Triggering this bug is considered a DoS condition," oCERT said in its warning.

The advisories came out last week after Google issued patches addressing both problems.

Article courtesy of InternetNews.com.

Tags: open source, Google, Android, wireless, bug

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.