Google Patches DoS Vulnerabilities in Android

Source: http://ping.fm/cfG1k

Researchers at the Open Source Computer Emergency Response Team (oCERT) disclosed two denial-of-service vulnerabilities in Google Inc.’s Android 1.5 mobile phone platform, both of which have already been patched by the vendor.

One of the vulnerabilities stems from Android’s handling of SMS messages, according to an advisory released by oCERT earlier this week. The flaw allows an attacker to use malformed WAP (Wireless Application Protocol) Push messages to disconnect a mobile phone from a cellular network. WAP Push messages are typically used to send ringtones, wallpapers and other content to mobile users.

According to oCERT, a maliciously crafted WAP message can cause the phone to reboot without the user’s knowledge, which can lead to a temporary loss of connectivity and dropped calls. In cases where the phone’s SIM (subscriber identity module) is protected by a PIN, users will need to re-enter the PIN to re-establish connectivity, causing longer delays. When the bug is triggered repeatedly, it could result in a denial-of-service condition, oCERT said.

A similar vulnerability was discovered in several Sony Ericsson handsets earlier this year. In that case, a malformed WAP Push message could be used to remotely reboot a vulnerable handset.

The other DoS vulnerability was reported in the API for Android’s Dalvik virtual machine. It also allows an attacker to create a DoS condition by causing a handset to repeatedly reboot without the user’s knowledge.

The advisories were released this week after Google issued patches addressing both problems.

[via Computer World]

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: