Android Security Vulnerabilities - Android General

mods: maybe this could get moved to Android Dev and Hacking/Misc Dev? This is my first post, and there's a minimum 10 post rule to post on the dev forums. I searched the forums and could not find a similar post, and it could be useful for ROM hackers.
I've been keeping track of a few upcoming risky vulnerabilities that modern devices may be vulnerable to, and possible patches. For those of you that embed custom kernels in your ROM, or want a secure kernel for your custom ROM, this should be useful. Hopefully we can have people chime in and post patches they think are needed. Now, these may be commonly used to root your device, but for those of you creating pre-rooted ROMs, you will probably want the patch to protect your devices from malicious activity.
http://www.cvedetails.com/cve/CVE-2012-4220/ also 4221 and 4222:
affects Android versions from 2.3 to 4.2 with a Qualcomm processor
patch here: https://www.codeaurora.org/particip...es/cve-2012-4220-cve-2012-4221-cve-2012-4222/
code execution, local priv, DoS
http://www.cvedetails.com/cve/CVE-2011-3874/
the infamous zergRush exploit for the vulnerability in libsysutils.so
PoC: https://github.com/revolutionary/zergRush/blob/master/zergRush.c
patch: http://code.google.com/p/android/issues/attachmentText?id=21681&aid=216810001000&name=patch.diff&token=zyMox2r00ZIPN7qD_zdjHy2cf10%3A1358973107051
affects Froyo and Gingerbread, which a lot of people are still working with. As a ROM dev, you might not be working with older Android versions, but this allows code execution.
Samsung Exynos flaw - I don't see a CVE for this yet
http://forum.xda-developers.com/showthread.php?t=2048511
"This device is R/W by all users and give access to all physical memory"
patch here, but another patch in that thread as well: http://review.cyanogenmod.org/#/c/29910/
"Ram dump, kernel code injection and others could be possible via app installation from Play Store" ouch
2012 CVEs:
http://www.cvedetails.com/vulnerabi...roduct_id-19997/year-2012/Google-Android.html
Anyone else know some good vulns and patches??
Hope this is helpful!

ogresavage said:
I just installed Belarc Security and it discovered the first issues with the two others, 4220, 4221, 4222, not sure if I should be concerned...

Related

Stagefright security fix, without sources

Hi all,
Today I'm pleased to announce a fix for stagefright's security flaws, which doesn't require disabling stagefright, and doesn't require stagefright sources either.
The sources, including a detailed README, are available at:
https://github.com/archos-sa/security-binary/tree/master/stagefright-ANDROID-20139950
The purpose of this contribution is to propose a systematic approach able to quickly regenerate firmware that addresses the 2015 libstagefright CVEs by relying on a binary patching method.
This method is relevant when dealing with platforms for which the source code has not been released publicly.
This proposed process is illustrated with 2015 libstagefright CVEs but can be further extended to capture other upcoming security fixes.
Surprisingly these fixes do not pass the Zimperium vulnerability test apk because this apk directly checks libstagefright.so without going through Mediaserver.
Obviously this is not intended for CyanogenMod-type ROMs that most likely already implement proper fixes in their source code.
Included in the git tree are some prebuilt files, targeting AOSP 4.2, 4.4, and MTK baseline 4.2 and 4.4.
This has been tested on Nexus 4 4.4 (aosp4.4 prebuilt), a spreadtrum 4.4 device (aosp 4.4 prebuilt), several mtk 4.2 and 4.4 devices (mtk4.2 and mtk4.4 prebuilts). I believe it should work as-is on Qualcomm-baseline 4.4 as well (aosp4.4 prebuilt).

Help Manually Applying Security Patches

So I recently rooted my HTC One M7 which I've had now for almost three years. I love this phone. I gave it the latest version of PAC ROM and have loved customizing the crap out of it. I am trying to get every ounce of life out of it before I eventually upgrade.
Anyway, I used many different resources for checking the security and eventually ran the QuadRoot Scanner which is an app from the Play Store. It told me that I am affected by the following vulnerabilities: CVE-2016-2059 and CVE-2016-2504. It then directs me to codeaurora.org where it explains what each vulnerability is and then tells me to apply certain security patches. There's only one problem: I have no idea how to apply patches and nowhere on the website does it tell me how to do it. I tried searching online for some answers but had little luck. If anyone can specifically tell me what to do and how to do it, I would be eternally grateful.
I tried posting the URLs for each vulnerability but XDA won't let me until I've posted 10 times or something. You can find the exact page by googling Code Aurora and then the name of the vulnerability (CVE-2016-2059 and CVE-2016-2504).
Thanks in advance for your expertise!!!
TheDonL said:
I'm no expert but if your rom is no longer maintained you would have to build your own with the latest Cyanogenmod/PacMan, device tree, etc etc which will have all the security patches in it. It's a mission http://xda-university.com/as-a-developer/introduction-how-an-android-rom-is-built
Note that there will be loads of other security patches released since your ROM was built, depending on how old it is, that do not have an app to show if you are vulnerable. Look at the date of the "Android security patch level" shown in About phone and compare it to the monthly security bulletins to find them all.
https://source.android.com/security/bulletin/index.html
Running CM? Might want to check this thread:
http://forum.xda-developers.com/showthread.php?t=2862061
err on the side of kindness
TheDonL said:
There have been 100s of security patches for Android kernel, but if your bootloader is locked, you can't implement them. If you unlock your bootloader, you can use a custom kernel and you can manually implement each patch. But keep in mind, CM has abandoned LP kernels, meaning they are not implementing security patches after October-November 2015. With regard to non-kernel patches (also hundreds), most of them are in sources for LP and MM.
I wouldn't rely on any app that tells you whether or not you have the patch. You can do it simply by looking at the date of your build. Pretty much everything after that date is not included...
optimumpro said:
Thanks for the response! Yeah, I have the latest version of PAC ROM for my phone and it says Nov 2015 is the latest android security level. So I am open to finding a different, custom kernel if that means I can manually implement each patch. But what's the process for that? How would I do that? My bootloader is already unlocked.
TheDonL said:
If you are not a developer and have no programming experience, it would be almost impossible to do. You need to work with sources. Learn how to compile a ROM.... It is not easy...
optimumpro said:
Ah. So I am guessing it is not as easy as simply copying and pasting the code that the website mentioned? Into the bootloader? Because codeaurora.com gives you the exact code to manually enter in for the patch. I have coded before but not much and it was a while ago...
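The source-level workflow the replies in this thread point to (get the vendor's fix as a git patch, check that it fits your kernel tree, commit it, confirm it is in the history), as an added example that is not code from the thread or from Code Aurora. It assumes git is installed and uses a constructed throwaway repo and a made-up one-line patch with a placeholder CVE tag; the real fixes for CVE-2016-2059 and CVE-2016-2504 are not reproduced here.

```shell
#!/bin/sh
# Added example, not code from the thread: the source-level workflow the replies
# describe. A throwaway git repo stands in for a kernel tree and the patch is a
# constructed one-line change with a placeholder tag, not the real Code Aurora
# fix for CVE-2016-2059 / CVE-2016-2504.
set -e
# make_fake_tree DIR: minimal git "kernel tree" with one constructed source file.
make_fake_tree() {
    rm -rf "$1"; mkdir -p "$1/drivers/example"
    git -C "$1" init -q
    git -C "$1" config user.email "rom@example.invalid"
    git -C "$1" config user.name "ROM Builder"
    printf 'int check(int n) {\n    return n;\n}\n' > "$1/drivers/example/check.c"
    git -C "$1" add -A
    git -C "$1" commit -q -m "base: constructed kernel tree"
}

# write_patch FILE: constructed git-format patch, the form vendor security
# commits are usually downloaded in (git format-patch / "Download patch" links).
write_patch() {
    cat > "$1" <<'EOF'
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Security Fix <fix@example.invalid>
Subject: [PATCH] example: reject negative input (constructed, CVE-PLACEHOLDER)

---

diff --git a/drivers/example/check.c b/drivers/example/check.c
--- a/drivers/example/check.c
+++ b/drivers/example/check.c
@@ -1,3 +1,4 @@
 int check(int n) {
+    if (n < 0) return -1;
     return n;
 }
EOF
}

# apply_security_patch TREE PATCH: dry-run first so a patch meant for another
# kernel baseline fails before touching the tree, then commit it with "git am".
apply_security_patch() {
    git -C "$1" apply --check "$2" || { echo "patch does not fit this tree" >&2; return 1; }
    git -C "$1" am -q "$2"
}

# patch_recorded TREE PATTERN: the commit log, not a scanner app, is the record.
patch_recorded() {
    git -C "$1" log --oneline | grep -q "$2"
}
```

After the patch is committed the tree still has to be rebuilt and the resulting boot image flashed; a patch that fails the dry run usually means it was written against a different kernel baseline and needs porting by hand.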

Custom ROM development...

In a nutshell, we are developing an app for the disabled community that would require root and a few system permissions as well as some minor tweaks to android security settings in order to perform the way we need it to, but the device we are targeting does not currently have a custom ROM developed for it, so my supervisor wanted me to check in these forums to see if there is anyone who develops ROMs professionally or who knows someone who does. If so, could you please direct me to them? Thanks!

Are we protected against stuff like this?

I am talking about https://www.zdnet.com/article/google-we-just-fixed-these-three-critical-android-bugs-with-april-update/
I am trying to understand the limitations of custom ROMs.
Thx in advance
It depends on your custom rom and device.
In official versions of LineageOS, Android security patches get merged regularly. This means vulnerabilities like the ones mentioned in the linked article get fixed over time if you update your LineageOS every now and then. But there are also potential vulnerabilities hidden in proprietary OnePlus components. These cannot be fixed by any custom ROM and rely on updates from the manufacturer.
You might want to read up on this here.

Exploiting security patch ASB-2019-08-05 to root device

Google released the patch ASB-2019-08-05, which fixes several bugs that could allow escalation of privilege.
https://source.android.com/security/bulletin/2019-08-01.html
Those are:
CVE-2019-2120
CVE-2019-2121
CVE-2019-2122
CVE-2019-2125
CVE-2019-2128
CVE-2019-2131
CVE-2019-2132
CVE-2019-2133
CVE-2019-2134
CVE-2019-2127
The patch commit is located here:
https://android.googlesource.com/kernel/common/+/refs/tags/ASB-2019-08-05_4.4
and diffs here:
https://android.googlesource.com/ke...19-08-05_4.4^1..refs/tags/ASB-2019-08-05_4.4/
or
https://android.googlesource.com/ke...19-08-05_4.4^2..refs/tags/ASB-2019-08-05_4.4/
For those who did not apply the patch, it's a chance to root devices, like me who have a locked Verizon Pixel 2 XL.
I'm sharing the idea here in case someone can do it quicker, as I know there are people here with much more hacking knowledge than me.
Anyway, I will look into how to exploit it to get root privilege.
