CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed

 

6a00d835130c5153ef016768b59c8d970b
Android’s DNS resolver is vulnerable to DNS poisoning due to weak randomness in its implementation. Researchers Roee Hay & Roi Saltzman from IBM Application Security Research Group demonstrate that how an attacker can successfully guess the nonce of the DNS request with a probability thatis su cient for a feasible attack. Android version 4.0.4 and below are Vulnerable to this bug.
Weakness in its pseudo-random number generator (PRNG), which makes DNS poisoning attacks feasible. DNS poisoning attacks may endanger the integrity and con dentiality of the attacked system. For example, in Android, the Browser app can be attacked in order to steal the victim’s cookies of a domain of the attacker’s choice. If the attacker manages to lure the victim to browse to a web page controlled by him/her, the attacker can use JavaScript, to start resolving non-existing sub-domains.
Upon success, a sub-domain points to the attacker’s IP, which enables the latter to steal wild card cookies of the attacked domain, and even set cookies. In addition, a malicious app instantiate the Browser app on the attacker’s malicious web-page. If the attacker knows the PID (for example, a malicious app can access that information), the attack expected time can be reduced furthermore.
Vulnerability dubbed as “CVE-2012-2808” Android 4.1.1 has been released, and patches are available on AOSP. The random sample is now pulled from /dev/urandom, which should have adequate entropy by the time network activity occurs.

 

 

 

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s