Numerous Manufacturers Use Insecure Android Kernels
en-GBde-DEes-ESfr-FR

Numerous Manufacturers Use Insecure Android Kernels

16/08/2024 TU Graz

In an analysis of smartphones of ten manufacturers, researchers at TU Graz have found that the Android kernels used are vulnerable to known attacks – so-called one-day exploits – despite existing protection mechanisms.

Smartphones are a constant companion and important work tool for many people. In addition to contacts, appointments and emails, the devices are increasingly being used for sensitive tasks such as online banking or official matters. This increases the safety requirements. As Lukas Maar, Florian Draschbacher, Lukas Lamster and Stefan Mangard from the Institute of Applied Information Processing and Communications at Graz University of Technology (TU Graz) have discovered in a comprehensive analysis of the Android kernels of the ten largest and most well-known smartphone manufacturers, there are numerous flaws here that allow one-day exploits using already known attack methods. The researchers presented their findings on 15 August at the Usenix Security Symposium in Philadelphia, USA.

Depending on the manufacturer and model, only between 29 and 55 per cent of the 994 smartphones tested by the research team were able to prevent attacks. In contrast, the Generic Kernel Image (GKI) version 6.1 provided by Google would be able to prevent around 85 per cent of attacks. Compared to the GKI, the manufacturer kernels performed up to 4.6 times worse in defending against attacks. The research team analysed devices from these manufacturers that came onto the market between 2018 and 2023 (listing from the most secure to the least secure): Google, Realme, OnePlus, Xiaomi, Vivo, Samsung, Motorola, Huawei, Oppo und Fairphone. The Android versions used on these smartphones ranged from versions 9 to 14, while the kernels covered the range from versions 3.10 to 6.1, with manufacturers who rely on lower kernel versions also offering less security.

Effective defence mechanisms rarely activated

Another key point of the analysis is that there are already effective defences for a number of the known attack methods, but they are either rarely activated in the manufacturers’ kernels or the kernels are configured incorrectly. As a result, even kernel version 3.1 from 2014 with all security measures activated could provide better protection against known attacks than around 38 per cent of the kernels configured by the manufacturers themselves. The researchers also found that manufacturers’ low-end models were around 24 per cent more at risk than high-end models. One important reason for this is the loss of performance that additional security measures can cause, which is why they are often deactivated in low-end models to conserve resources.

“We hope that our results will help to ensure that more effective security measures can be found in manufacturers’ kernels in the future, making Android more secure,” says Lukas Maar. “We also shared our analysis with the manufacturers investigated and Google, Fairphone, Motorola, Huawei and Samsung have taken note – some have even released patches. We have also suggested that Google update the Android Compatibility Definition Document (CDD), which sets out the framework of requirements for devices to be compatible with Android. Google itself has emphasised that it is aware of the problem and wants to strengthen the integration of kernel security measures step by step. However, it is up to the manufacturers whether they want to sacrifice performance for this.”

This project was funded by the Austrian Research Promotion Agency (FFG) as part of the SEIZE project and is part of the Field of Expertise “Information, Communication & Computing”, one of the five strategic focus areas at TU Graz.

Links

The paper containing the analysis

Defects-in-Depth: Analyzing the Integration
of Effective Defenses against One-Day
Exploits in Android Kernels
Lukas Maar, Graz University of Technology; Florian Draschbacher,
Graz University of Technology and A-SIT Austria, Graz; Lukas Lamster
and Stefan Mangard, Graz University of Technology
https://www.usenix.org/conference/usenixsecurity24/presentation/maar-defects
Attached files
  • The kernels of many Android smartphones are not as secure as they could be. Image source: Lunghammer - TU Graz
16/08/2024 TU Graz
Regions: Europe, Austria
Keywords: Applied science, Technology

Disclaimer: AlphaGalileo is not responsible for the accuracy of news releases posted to AlphaGalileo by contributing institutions or for the use of any information through the AlphaGalileo system.

Testimonials

For well over a decade, in my capacity as a researcher, broadcaster, and producer, I have relied heavily on Alphagalileo.
All of my work trips have been planned around stories that I've found on this site.
The under embargo section allows us to plan ahead and the news releases enable us to find key experts.
Going through the tailored daily updates is the best way to start the day. It's such a critical service for me and many of my colleagues.
Koula Bouloukos, Senior manager, Editorial & Production Underknown
We have used AlphaGalileo since its foundation but frankly we need it more than ever now to ensure our research news is heard across Europe, Asia and North America. As one of the UK’s leading research universities we want to continue to work with other outstanding researchers in Europe. AlphaGalileo helps us to continue to bring our research story to them and the rest of the world.
Peter Dunn, Director of Press and Media Relations at the University of Warwick
AlphaGalileo has helped us more than double our reach at SciDev.Net. The service has enabled our journalists around the world to reach the mainstream media with articles about the impact of science on people in low- and middle-income countries, leading to big increases in the number of SciDev.Net articles that have been republished.
Ben Deighton, SciDevNet

We Work Closely With...


  • BBC
  • The Times
  • National Geographic
  • The University of Edinburgh
  • University of Cambridge
  • iesResearch
Copyright 2024 by AlphaGalileo Terms Of Use Privacy Statement