How Android N is being built to prevent the next Stagefright

What makes you chose one smartphone platform over another? App selection? Hardware availability? System security is another big factor shoppers take into consideration, and last year Google suffered a PR nightmare after the publication of the Stagefright attack, a vulnerability with the double whammy of presenting a serious risk to users, and being exploitable on a huge fraction of Android devices out there. With Android N, Google's getting serious about preventing another Stagefright disaster, and today shares some of the ways it's going about preventing another such attack.

Google was quick to develop a fix for the initial Stagefright attack, but related exploits just kept coming in the months that followed. And even with a patch available, actually getting that fix delivered to the countless Android devices out there proved to be a logistical nightmare. It doesn't take a big leap to decide that preventing another Stagefright looks preferable to dealing with its aftermath.

On its Android Developers Blog, Google talks about the two big steps it's taking to nip future Stagefrights in the bud.

Remember, Stagefright worked through the creation of specially formed media files; when Android's media subsystem attempted to process these files, the bug seized control of that software, gaining the ability to execute its own malicious code in the process.

Google's first step towards preventing future attacks like this is limiting the ability of malformed input (those hacker-tweaked media files, in the case of Stagefright) from causing unintended program behavior in the first place. To accomplish this, Google's using tools with Android N code that recognize vulnerable segments and replace them with more robust code, capable of failing gracefully.

The second step is stopping even a successful bug exploit from causing big damage. Let's say Google still misses a vulnerability with that code-scanning tool, and a bug slips through: by breaking up system processes like the Android MediaServer into multiple components, and only giving each the rights it needs to get its specific job done, it becomes harder for successful attacks to wreak havoc on a system level.

For example, if a bug got control of the old MediaServer, it could access the Android file system, communicate over the network, and read and write to system memory - all bad stuff in the wrong hands. By compartmentalizing things in Android N (see chart below), Google's making sure that even if something like a malicious audio file seizes control of MediaServer, it can only do other audio-related things; it might mute your phone or mess with your Bluetooth connections, but it's not going to be able to take control of the full system.

Well, that's the plan, anyway. Hackers are a resourceful bunch, and it remains to be seen just how well these steps will actually keep Android N safe. For now, we're just glad that Google's trying to stay ahead of the curve, being proactive rather than reactionary.


source: Google