In association with heise online

22 February 2012, 14:53

ASLR on Android 4 found wanting


Jon Oberheide has found the ASLR (Address Space Layout Randomisation) in Google's Android 4, Ice Cream Sandwich (ICS), somewhat wanting. Responding to his detailed posting on the Duo Security blog, one commenter eloquently concluded that "TL;DR: ICS ASLR = FUBAR".

Specifically, he found that the lack of randomisation in the executable and linker memory regions means that ASLR on ICS is "largely ineffective for mitigating real-world attacks". Oberheide shows that Android inherits ASLR from Linux, but that prior to ICS it was "almost non-existent", with only the location of the stack being randomised.

In ICS 4.0, with its Linux 3.x kernel, it was expected that the ARM ASLR additions in Linux would take effect. On examination, however, the improvement is slight: shared libraries are randomised, but the heap, executable code and linker mappings are not.

Figure: Many important code ranges are still at the same address. Source: Duo Security

Oberheide looks into the reasons and mitigations for each of these, and also notes other concerns about ASLR in connection with the zygote process-launching system. The Android Security Team responded to Oberheide's posting, noting that the heap will be randomised in 4.0.3 and that future Android releases will randomise the linker and executable mappings.
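The finding above is the kind of thing that can be checked directly on any Linux-based system, Android included, by comparing /proc/<pid>/maps across several launches of the same program and seeing which regions actually move. The script below is an added example written for this article; it is not code from The H or from Duo Security. The two embedded snapshots are constructed, with illustrative (hypothetical) addresses chosen to mirror the article's result, so the check runs offline; on a device the snapshots would come from something like `adb shell cat /proc/<pid>/maps` after each launch.

```python
"""Compare /proc/<pid>/maps snapshots from several launches of one program and
report which memory regions actually move between runs.  The snapshots below are
constructed (hypothetical addresses); on a device they would be captured after
each launch, e.g. with `adb shell cat /proc/<pid>/maps`."""
import re

# /proc/<pid>/maps line: start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S{4})"
    r"\s+\S+\s+\S+\s+\S+\s*(?P<path>.*)$"
)

# Constructed snapshot 1: addresses are illustrative, not from a real device.
RUN1 = """\
00008000-0000c000 r-xp 00000000 b3:01 123  /system/bin/app_process
0000c000-0000d000 rw-p 00004000 b3:01 123  /system/bin/app_process
0000d000-00012000 rw-p 00000000 00:00 0    [heap]
40010000-40014000 r-xp 00000000 b3:01 456  /system/lib/libcutils.so
40016000-4004a000 r-xp 00000000 b3:01 789  /system/lib/libc.so
b0001000-b0009000 r-xp 00001000 b3:01 111  /system/bin/linker
beab8000-bead9000 rw-p 00000000 00:00 0    [stack]
"""

# Constructed snapshot 2: same binary relaunched; only libraries and stack moved.
RUN2 = """\
00008000-0000c000 r-xp 00000000 b3:01 123  /system/bin/app_process
0000c000-0000d000 rw-p 00004000 b3:01 123  /system/bin/app_process
0000d000-00012000 rw-p 00000000 00:00 0    [heap]
4007a000-4007e000 r-xp 00000000 b3:01 456  /system/lib/libcutils.so
40084000-400b8000 r-xp 00000000 b3:01 789  /system/lib/libc.so
b0001000-b0009000 r-xp 00001000 b3:01 111  /system/bin/linker
be9f2000-bea13000 rw-p 00000000 00:00 0    [stack]
"""


def classify(path, exe_path):
    """Name the region a mapping belongs to, using the article's categories."""
    if path == exe_path:
        return "executable"
    if path.endswith("/linker"):
        return "linker"
    if path == "[heap]":
        return "heap"
    if path == "[stack]":
        return "stack"
    if path.endswith(".so"):
        return "library:" + path.rsplit("/", 1)[-1]
    return None  # anonymous or otherwise uninteresting mapping


def parse_maps(text, exe_path):
    """Return {region: lowest start address} for one snapshot."""
    bases = {}
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        region = classify(m.group("path").strip(), exe_path)
        if region is None:
            continue
        start = int(m.group("start"), 16)
        bases[region] = min(start, bases.get(region, start))
    return bases


def aslr_report(snapshots, exe_path):
    """For each region present in every snapshot: True if its base moved."""
    parsed = [parse_maps(s, exe_path) for s in snapshots]
    common = set.intersection(*(set(p) for p in parsed))
    return {r: len({p[r] for p in parsed}) > 1 for r in sorted(common)}


def fixed_regions(snapshots, exe_path):
    """Regions whose base never changed: the mitigation does not cover these."""
    return [r for r, moved in aslr_report(snapshots, exe_path).items() if not moved]


if __name__ == "__main__":
    for region, moved in aslr_report([RUN1, RUN2], "/system/bin/app_process").items():
        print(f"{region:22s} {'randomised' if moved else 'FIXED'}")
```

With the constructed data the report flags the executable, heap and linker as fixed while libc, libcutils and the stack move, which is the picture the article describes for ICS before 4.0.3. On a real device, feed in more than two launches: a region that moves is confirmed randomised by the first difference, but a region that merely fails to move in two runs could in principle be a low-entropy coincidence, so several snapshots give a sounder verdict.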

