One Article Review

Home - The article:
Source GoogleSec
Identifier 8421613
Publication date 2023-12-12 12:00:09 (viewed: 2023-12-12 18:07:13)
Title Hardening cellular basebands in Android
Text

Posted by Ivan Lozano and Roger Piqueras Jover

Android's defense-in-depth strategy applies not only to the Android OS running on the Application Processor (AP) but also to the firmware that runs on devices. We particularly prioritize hardening the cellular baseband given its unique combination of running at an elevated privilege and parsing untrusted inputs that are remotely delivered to the device.

This post covers how to use two high-value sanitizers which can prevent specific classes of vulnerabilities found within the baseband. They are architecture agnostic, suitable for bare-metal deployment, and should be enabled in existing C/C++ code bases to mitigate unknown vulnerabilities. Beyond security, addressing the issues uncovered by these sanitizers improves code health and overall stability, reducing resources spent addressing bugs in the future.

An increasingly popular attack surface

As we outlined previously, security research focused on the baseband has highlighted a consistent lack of exploit mitigations in firmware. Baseband Remote Code Execution (RCE) exploits have their own categorization in well-known third-party marketplaces with a relatively low payout. This suggests baseband bugs may potentially be abundant and/or not too complex to find and exploit, and their prominent inclusion in the marketplace demonstrates that they are useful. Baseband security and exploitation have been a recurring theme in security conferences for the last decade. Researchers have also made a dent in this area in well-known exploitation contests. Most recently, this area has become prominent enough that it is common to find practical baseband exploitation trainings in top security conferences. Acknowledging this trend, combined with the severity and apparent abundance of these vulnerabilities, last year we introduced updates to the severity guidelines of Android's Vulnerability Rewards Program (VRP). For example, we consider vulnerabilities allowing Remote Code Execution (RCE) in the cellular baseband to be of CRITICAL severity.

Mitigating Vulnerability Root Causes with Sanitizers

Common classes of vulnerabilities can be mitigated through the use of sanitizers provided by Clang-based toolchains. These sanitizers insert runtime checks against common classes of vulnerabilities. GCC-based toolchains may also provide some level of support for these flags, but they will not be considered further in this post. We encourage you to check your toolchain's documentation. Two sanitizers included in Undefine
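To make "insert runtime checks" concrete, here is an added example (not code from the Google post) of the kind of length-driven parser a baseband handles, first trusting the over-the-air length field and then with the validation written out. The sanitizer flags named in the comments are assumed from Clang's UBSan documentation, not from the excerpt above; the message format and sample bytes are constructed for the example.

```c
/* Added example (not from the Google post): parser for a constructed message,
 * [type:1][flags:1][len:4 LE][payload]. parse_unchecked() shows the two bug
 * classes Clang's UBSan flags -fsanitize=bounds and -fsanitize=signed-integer-overflow
 * instrument (flags assumed from Clang's docs, not named in the excerpt);
 * parse_checked() validates explicitly. Instrumented, trapping build:
 *   clang -O2 -fsanitize=bounds,signed-integer-overflow -fsanitize-trap=all parser.c */
#include <stddef.h>
#include <stdint.h>

#define MAX_PAYLOAD 16
#define HDR 6

struct msg {
    uint8_t type;
    uint8_t payload[MAX_PAYLOAD]; /* not the last member: Clang may treat a trailing array as flexible and skip the check */
    int32_t len;
};

static int32_t le32(const uint8_t *p) {
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Trusts the over-the-air length. HDR + len is signed and wraps for len near INT32_MAX,
 * so the end-of-buffer test passes with a negative "end" (-fsanitize=signed-integer-overflow
 * traps here); the copy loop then indexes payload[] past MAX_PAYLOAD (-fsanitize=bounds traps). */
int parse_unchecked(const uint8_t *buf, size_t n, struct msg *out) {
    if (n < HDR) return -1;
    out->type = buf[0];
    out->len = le32(buf + 2);
    int end = HDR + out->len;
    if (end > (int)n) return -1;
    for (int i = 0; i < out->len; i++)
        out->payload[i] = buf[HDR + i];
    return 0;
}

/* Same format, with the checks the sanitizer would otherwise have to catch at runtime:
 * reject the length before doing arithmetic with it or indexing by it. */
int parse_checked(const uint8_t *buf, size_t n, struct msg *out) {
    if (n < HDR) return -1;
    int32_t len = le32(buf + 2);
    if (len < 0 || len > MAX_PAYLOAD) return -2; /* also rules out the wrap case */
    if ((size_t)len > n - HDR) return -3;        /* truncated message */
    out->type = buf[0];
    out->len = len;
    for (int32_t i = 0; i < len; i++)
        out->payload[i] = buf[HDR + i];
    return 0;
}
```

With the instrumented build, feeding parse_unchecked() a message whose len field is 0x7FFFFFFE traps at the addition rather than silently passing the size test; the checked variant returns -2 for the same input without any sanitizer involvement.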
Sent Yes
Tags Tool Vulnerability Threat Mobile Prediction Conference
The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.