Abstract
With the mobile phone market exceeding one billion units sold in 2023, ensuring the security of these devices is critical. However, recent research has revealed worrying delays in the deployment of security-critical kernel patches, leaving devices vulnerable to publicly known one-day exploits. While the mainline Android kernel has seen an increase in defense mechanisms, their integration and effectiveness in vendor-supplied kernels are unknown at a large scale.

In this paper, we systematically analyze publicly available one-day exploits targeting the Android kernel over the past three years. We identify multiple exploitation flows representing vulnerability-agnostic strategies to gain high privileges. We then demonstrate that integrating defense-in-depth mechanisms from the mainline Android kernel could mitigate 84.6 % of these exploitation flows. In a subsequent analysis of 994 devices, we reveal a widespread absence of effective defenses across vendors. Depending on the vendor, only 28.8 % to 54.6 % of exploitation flows are mitigated, indicating a 4.62 to 2.951 times worse scenario than the mainline kernel.

Further delving into defense mechanisms, we reveal weaknesses in vendor-specific defenses and advanced exploitation techniques bypassing defense implementations. As these developments pose additional threats, we discuss potential solutions. Lastly, we discuss factors contributing to the absence of effective defenses and offer improvement recommendations. We envision that our findings will guide the inclusion of effective defenses, ultimately enhancing Android security.
Original language | English |
---|---|
Title of host publication | Usenix Security Symposium 2024 |
Publication status | Accepted/In press - 14 Aug 2024 |
Event | 33rd USENIX Security Symposium: USENIX Security 2024, Philadelphia Marriott Downtown, Philadelphia, United States, 14 Aug 2024 → 16 Aug 2024 |

Conference

Conference | 33rd USENIX Security Symposium: USENIX Security 2024 |
---|---|
Abbreviated title | USENIX |
Country/Territory | United States |
City | Philadelphia |
Period | 14/08/24 → 16/08/24 |
Internet address | https://www.usenix.org/conference/usenixsecurity24 |
Title | Defects-in-Depth: Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels |
---|---|

Projects

- SEIZE - Secure Edge Devices For Industrial Zero-Trust Environments (1/01/22 → 31/12/24), Project: Research project, active