Sweet Security Nuggets in Android Nougat
Google has released the long-awaited 7.0 version of Android, known as Nougat, and along with the usual performance and feature improvements, this release also is chock full of security improvements, both for users and developers. Many of the new security features are underneath the surface and won’t be visible to most users, but the changes are significant and should have a major effect on user safety.
One of the more important changes in Nougat is a near-total rebuild of the mediaserver, a service that has been problematic from a security perspective recently. The Stagefright vulnerability discovered by researcher Joshua Drake in 2015 exposed a serious problem with the way that the mediaserver processed audio and video. The vulnerability, which affected nearly a billion Android devices at the time it was disclosed, can be exploited by sending a simple MMS message to a victim. Google patched the vulnerability, but in order to protect against similar problems in the future, the company hardened and rebuilt the media stack in the newest release.
“In Android Nougat, we’ve both hardened and re-architected mediaserver, one of the main system services that processes untrusted input. First, by incorporating integer overflow sanitization, part of Clang’s UndefinedBehaviorSanitizer, we prevent an entire class of vulnerabilities, which comprise the majority of reported libstagefright bugs. As soon as an integer overflow is detected, we shut down the process so an attack is stopped,” Xiaowen Xin of the Android security team said in a post on the new security features.
“Second, we’ve modularized the media stack to put different components into individual sandboxes and tightened the privileges of each sandbox to have the minimum privileges required to perform its job. With this containment technique, a compromise in many parts of the stack grants the attacker access to significantly fewer permissions and significantly reduced exposed kernel attack surface.”
That’s a technical way of saying that exploiting vulnerabilities in the mediaserver will be much more difficult, and even successful exploits won’t get very far. Google also has added a new feature that prevents compromised devices from booting. Known as Verified Boot, the feature is enforced on all Android devices now, so if a user’s device is compromised by malware or another method, the device will no longer boot.
Another important change is the addition of file-based encryption to Nougat. Rather than encrypting the entire contents of the hard disk as one image, file-based encryption encrypts data on more granular basis. This allows for some performance improvements, and also gives users access to some apps immediately after the device reboots.
“File-based encryption better isolates and protects individual users and profiles on a device by encrypting data at a finer granularity. Each profile is encrypted using a unique key that can only be unlocked by your PIN or password, so that your data can only be decrypted by you,” Xin said.
Nougat also brings a relatively small change that will offer an important level of protection for users. Some apps, both malicious and legitimate, will use an overlay screen to obscure dialog boxes that detail which permissions the app is asking for. This is designed to fool the user into granting an app more permissions than the user believes he’s granting, and it’s been employed recently by Android ransomware apps and other malware. Nougat prevents overlay screens from being displayed on permission dialogs, defeating this technique. Google also added another feature to make life more difficult for ransomware.
“We’ve reduced the power of device admin applications so they can no longer change your lockscreen if you have a lockscreen set, and device admin will no longer be notified of impending disable via onDisableRequested(). These were tactics used by some ransomware to gain control of a device,” Xin said.
Google has been making gradual improvements in Android’s security over the last couple of years, adding device encryption and many other features. But Nougat marks a major step forward in the operating system’s security and makes Android much more resistant to attack from all sides.