Android's DNS resolver is vulnerable to DNS poisoning due to weak randomness in its implementation. Researchers Roee Hay and Roi Saltzman of the IBM Application Security Research Group demonstrate how an attacker can guess the nonce of a DNS request with a probability that is sufficient for a feasible attack. Android versions 4.0.4 and below are vulnerable to this bug, a weakness in the resolver's pseudo-random number generator (PRNG) that makes DNS poisoning attacks feasible.

DNS poisoning attacks may endanger the integrity and confidentiality of the attacked system. For example, in Android, the Browser app can be attacked in order to steal the victim's cookies for a domain of the attacker's choice. If the attacker manages to lure the victim to browse to a web page controlled by him/her, the attacker can use JavaScript to start resolving non-existent sub-domains.
Upon success, a sub-domain points to the attacker's IP, which enables the attacker to steal wildcard cookies of the attacked domain, and even to set cookies. In addition, a malicious app can instantiate the Browser app on the attacker's malicious web page. If the attacker knows the PID (for example, a malicious app can access that information), the expected time of the attack can be reduced further.

The vulnerability is tracked as CVE-2012-2808. Android 4.1.1 has been released, and patches are available on AOSP. The random sample is now pulled from /dev/urandom, which should have adequate entropy by the time network activity occurs.
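
The difference the fix makes, as an added C example that is not from the original post or from AOSP: `weak_txid`, `urandom_bytes` and `fresh_dns_nonce` are hypothetical names, the weak generator only illustrates a value derived from the PID and the clock rather than Android's actual algorithm, and treating the nonce as the 16-bit transaction ID plus the UDP source port is an assumption.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Illustrative weak form (an assumption, not Android's code): the ID is a pure
 * function of PID and clock, so knowing or bounding both reproduces it. */
uint16_t weak_txid(uint32_t pid, uint32_t now_usec)
{
    uint32_t state = (pid ^ now_usec) * 1103515245u + 12345u; /* one LCG step */
    return (uint16_t)(state >> 16);
}

/* Fill buf from the kernel CSPRNG; handles EINTR and short reads.
 * Returns 0 on success, -1 on failure (never fall back to a weak source). */
int urandom_bytes(void *buf, size_t len)
{
    unsigned char *p = buf;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) { close(fd); return -1; }
        p += n;
        len -= (size_t)n;
    }
    close(fd);
    return 0;
}

/* Draw a 16-bit transaction ID and an unprivileged source port. */
int fresh_dns_nonce(uint16_t *txid, uint16_t *src_port)
{
    if (urandom_bytes(txid, sizeof *txid) != 0) return -1;
    do {    /* rejection sampling keeps the port distribution unbiased */
        if (urandom_bytes(src_port, sizeof *src_port) != 0) return -1;
    } while (*src_port < 1024);
    return 0;
}

int main(void)
{
    uint16_t id, port;
    if (fresh_dns_nonce(&id, &port) != 0) return 1;
    printf("weak=%u fresh txid=%u port=%u\n", weak_txid(1234, 42), id, port);
    return 0;
}
```

The weak function returns the same value for the same PID and timestamp on every run, while the values drawn from /dev/urandom do not depend on anything a co-resident app can observe.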
Source: netasq-India