Android N splits up mediaserver to prevent future Stagefrights

JC Torres - May 5, 2016, 9:10 pm CDT

The Stagefright security exploit definitely sent the Android world into a tumble. It put Android security and integrity under a microscope and increased the scrutiny of Android fragmentation and the dismally slow rollout of critical security updates. For its part, Google addressed the latter issue by starting monthly security updates, at least for its own Nexus devices. Some, but sadly not even most, OEMs followed suit. And in Android N, Google is further minimizing Stagefright’s effects by dissecting mediaserver into a few more pieces.

The Stagefright exploit took advantage of a vulnerability in the mediaserver process in Android. While the security hole was already plugged up, Android developers determined why Stagefright had such devastating power. It was because mediaserver itself had that much power, so it stands to reason that compromising it would give attackers that same overarching access to Android subsystems.

mediaserver had access to almost anything related to multimedia, be it audio, camera, or even radio (networking). That was just too much for one lone process to handle. It also exposed mediaserver to more vulnerabilities. As they say, the bigger they are, the harder they fall. Stagefright, for example, took advantage of bugs in mediaserver’s media parsing code. When simply parsing media, you might need access to read the file, but you definitely won’t need to access the camera, for example. And yet the old mediaserver did just that. Hence, Stagefright.

In Android N, Google is splitting up mediaserver into distinct pieces, each with access to only a specific subsystem. The AudioServer naturally has access to all things audio but nothing else, while the Camera is the only one that can access cameras. As for the problematic libstagefright, that will now be under the MediaCodec process and will run in a sandbox that has very few permissions, only those necessary to parse media. Think of it as grounding libstagefright after misbehaving too much.


These measures will, of course, only be available in Android N. It’s improbable that they can be backported to older Android versions, even Android 6.0 Marshmallow. That, sadly, opens up the question of fragmentation once again, as adoption of Android N will most likely be an exercise in patience.

SOURCE: Android

