Embroidery: Patching Vulnerable Binary Code of Fragmentized Android Devices

The rapid-iteration, web-style update cycle of Android helps fix disclosed security vulnerabilities in its latest version. However, such security enhancements are usually only available for a few Android devices released by certain manufacturers (e.g., Google's official Nexus devices). Many manufacturers choose to stop providing system updates for their obsolete models, leaving millions of vulnerable Android devices in use. In this situation, a feasible solution is to leverage existing source code patches to fix outdated vulnerable devices. To implement this, we introduce Embroidery, a binary-rewriting-based vulnerability patching system for obsolete Android devices that does not require the manufacturer's source code and copes with Android fragmentation. Embroidery patches known critical framework and kernel vulnerabilities in Android using both static and dynamic binary rewriting techniques. It transplants official patches (CVE source code patches) of known vulnerabilities to different devices by adopting heuristic matching strategies to deal with the code diversity introduced by Android fragmentation, and performs complex dynamic memory modification to patch kernel vulnerabilities. We employ Embroidery to patch sophisticated Android kernel and framework vulnerabilities on obsolete devices from various manufacturers, ranging from Android 4.2 to 5.1. The results show that the patched devices are able to defend against known exploits and that normal functionality is not affected.
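The two ideas the abstract combines, locating a vulnerable code site across builds that differ in small details and rewriting it in place without changing its size, can be shown on a toy byte buffer. The following is an added illustration written for this page, not Embroidery's own code: the "builds" are constructed byte strings rather than real ARM instructions, the `??` wildcard stands in for bytes that vary between manufacturer builds, and the signature, original bytes and replacement bytes are invented for the example. Because the patch is applied in place, the helper insists on a same-length replacement and on exactly one match, since an ambiguous or length-changing patch is how a binary rewrite silently breaks surrounding code.

```python
"""Wildcard signature matching plus same-length in-place patching over a
constructed byte buffer (illustrative only; not Embroidery's code, and the
bytes are not real ARM instructions)."""

from typing import List, Optional

Signature = List[Optional[int]]  # None marks a wildcard byte


def parse_signature(text: str) -> Signature:
    """Parse a '22 33 ?? 44 55' style pattern; '??' tolerates build-specific bytes
    (e.g. an immediate or offset that differs between vendor builds)."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def find_signature(blob: bytes, sig: Signature) -> List[int]:
    """Return every offset at which blob matches sig, ignoring wildcard positions."""
    hits = []
    n = len(sig)
    for off in range(len(blob) - n + 1):
        if all(s is None or blob[off + i] == s for i, s in enumerate(sig)):
            hits.append(off)
    return hits


def apply_patch(blob: bytes, offset: int, original: bytes, replacement: bytes) -> bytes:
    """Rewrite bytes in place. The replacement must be the same length so that
    no code after it shifts, and the bytes being replaced must be the expected
    originals so that a wrong match is refused rather than corrupted."""
    if len(original) != len(replacement):
        raise ValueError("in-place patch must preserve length")
    end = offset + len(original)
    if blob[offset:end] != original:
        raise ValueError("bytes at offset do not match the expected original")
    return blob[:offset] + replacement + blob[end:]


# Constructed sample builds: identical except for one build-specific byte (0x10 vs 0x20).
BUILD_A = bytes.fromhex("00 11 22 33 10 44 55 66 77")
BUILD_B = bytes.fromhex("00 11 22 33 20 44 55 66 77")

# Invented signature of the vulnerable site; the varying byte is a wildcard.
VULN_SIG = parse_signature("22 33 ?? 44 55")
# Invented "vulnerable check" bytes (at signature offset + 3) and their fixed form.
ORIG_CHECK = bytes.fromhex("44 55")
FIXED_CHECK = bytes.fromhex("46 57")


def patch_build(blob: bytes) -> bytes:
    """Locate the vulnerable site heuristically and rewrite it; refuse to patch
    unless the match is unique, since two candidates means the signature is
    too loose for this build."""
    hits = find_signature(blob, VULN_SIG)
    if len(hits) != 1:
        raise ValueError(f"expected exactly one match, got {len(hits)}")
    return apply_patch(blob, hits[0] + 3, ORIG_CHECK, FIXED_CHECK)


if __name__ == "__main__":
    for name, build in (("A", BUILD_A), ("B", BUILD_B)):
        print(name, build.hex(), "->", patch_build(build).hex())
```

The same signature matches both constructed builds despite the differing byte, and each patched output keeps the original length; doubling a build so the signature matches twice makes `patch_build` refuse to proceed.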
