BlackHat feature | Has Android system security been saved? Chinese hackers bring out an "artifact"

"The Android system is safe."

This is the biggest joke in the eyes of hackers.

Put bluntly, even a script kiddie can find a ready-made method online and break through your phone's defenses. The reason is not that Google neglects system security, but that most of the Android phones in the world are "lost lambs": because of system fragmentation and the slow, tedious vendor update process, these phones never find a path to an upgrade. They are left alone in a wilderness full of wolves, tigers and leopards.

Baidu's chief security scientist, Wei Wei, calls this an "ecosystem security breach" and "the leukemia of the Android system".

Remarkably, this hacker has taken the stage at BlackHat USA, the top hacker gathering, for three consecutive years to call attention to Android system security. Today he once again climbed onto this top global hacker stage, and this time he brought an "artifact".

After the talk, Lei Feng Network had an exclusive interview with Wei Wei. Let him tell us what this "artifact" is.

Wei Wei, Baidu chief security scientist and head of X-Lab

Leukemia of the Android system?

Lei Feng Network:

How insecure are our Android phones?

Wei Wei:

At last year's BlackHat USA, my talk covered many methods of attacking Android phones. We demonstrated live a remote attack on Android phones that the user cannot perceive, recording video and uploading it. Here are a few small examples: Android 5.x has a serious vulnerability in which any app can obtain permission to read SMS messages; similarly, any app can also obtain what the user has on the clipboard. Of course these are only a small part. A large number of basic vulnerabilities have not yet been fixed, and most users' phones are running such systems.

Lei Feng Network:

If we don't root our phones, will they be safer?

Wei Wei:

Not really. Put simply: if users don't root their phones, attackers will root them for them. For the vast majority of phones in use, the underground black market has mature rooting technology. Root privileges are silently obtained while the user is completely unaware. For example, a user is induced to download a game, and the attack code executes merely by displaying a banner.

This unnoticed rooting is even more frightening than the user rooting the phone themselves. Hackers can obtain the highest privilege in the background and steal the user's bank account password. There are even spy groups that steal work passwords from employees' phones and steal business recordings from those phones. The things I am talking about are not hypotheses; they actually happen.

Lei Feng Network:

So it seems a black industry has formed around Android phones?

Wei Wei:

It is not one black industry but many, intersecting. The fine division of labor in the black market is beyond imagination; the output value of each sub-industry runs from hundreds of millions to billions. It can be said that the current state of Android is a paradise for them. After a long wait, they (the black market) can now begin to harvest.

Wei Wei (left) and team member Zhang Xiaolong speaking at BlackHat

Lei Feng Network:

What makes the Android system so full of vulnerabilities?

Wei Wei:

There are three main reasons.

A long industry chain: from Google to the user, a phone passes through the Android system, phone manufacturers, carriers, application developers, application development tool makers, and so on. Once a problem arises in any of these links, the entire system becomes unsafe.

Phone fragmentation: according to our statistics, in the first half of this year different manufacturers and different phone hardware were paired with different system versions, fragmenting Android into several hundred thousand variants. Many phone design teams have even been disbanded, so nobody is left to provide technical support for each model. So there is no way to apply one patch across different devices.

Security vendors have no place: Google apparently does not welcome security vendors into the Android system kernel. No application with root-level functionality is allowed onto the store. Security vendors' enthusiasm has been severely dampened, and Google itself has no ability to protect its own system kernel. This has created a vacuum in Android security and let many vulnerabilities spread through the industry: researchers have little motivation to report to Google, let alone the black market.

An artifact to save Android

Lei Feng Network:

So what exactly is the artifact you brought to BlackHat?

Wei Wei:

We proposed and implemented an adaptive kernel hot-patching technology, and at the same time developed a tool called AdaptKpatch that injects patches specifically into the system kernel. The advantage of this tool is that it can adaptively patch different phones. In our tests on the hundreds of phones we have on hand, it could patch the system automatically. During the entire patching process the system does not need to be restarted and does not even stall.

At the BlackHat venue, Baidu X-Lab demonstrates its "kernel hot patch" technology

Lei Feng Network:

How is this hot-patching technology implemented?

Wei Wei:

In the first step, the engine collects the user's kernel information and the phone's software and hardware information, then produces a template based on the key parameters of the security-mechanism options. This "adaptive" process can be done automatically on the phone.

In the second step, the engine injects the generated patch into the kernel. If we cooperate with the manufacturer, it can be applied through normal channels; if not, we can use root techniques to inject it.

The third step is applying the kernel hot patch. During patching the system stays up and smooth: parameters that are not currently being invoked can be replaced directly, and for a parameter that is being invoked there is a brief pause. Since Android is not a "hard real-time system" (a fully real-time interactive system), users do not feel this pause at all.
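As an editorial illustration added to this article, not Baidu X-Lab's own code (which was not published with the interview), the following C program models the three steps above in user space. A "kernel function" is a slot holding a function pointer; step 1 fingerprints a device (kernel version and the symbols present on it) and selects a patch template, refusing to patch when nothing fits; step 3 swaps the pointer only when no caller is inside the old body, and defers rather than forces the swap when a caller is still in flight, the "brief pause" described in the answer. Step 2, the privileged injection into the kernel, is not modelled. The kernel version strings, symbol names, the `check_perm` target and its policy, and the sample devices are all constructed for the example.

```c
/* Toy user-space model of an adaptive kernel hot-patch engine (constructed example).
 * A "kernel function" is a slot holding a function pointer; a hot patch swaps that
 * pointer once no caller is inside the old body, so the "kernel" never stops. */
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>

typedef long (*kfn_t)(long);

struct kfunc {                 /* one patchable kernel function */
    _Atomic(kfn_t) impl;       /* body currently installed */
    atomic_int in_flight;      /* callers currently executing impl */
};

/* Hypothetical patch target: a permission check. Names and policy are made up. */
static long check_orig(long uid)    { (void)uid; return 1; }         /* grants everyone */
static long check_patched(long uid) { return uid == 1000 ? 1 : 0; }  /* grants only uid 1000 */

struct device_info {           /* step 1 input: what the engine collects from the device */
    const char *kernel_version;
    const char *symbols[4];    /* kernel symbol names found on it, NULL-terminated */
};

struct patch_template {        /* the kernel family a patch fits and the symbol it replaces */
    const char *version_prefix, *target_symbol;
    kfn_t body;
};

static const struct patch_template templates[] = {
    { "3.10.", "check_perm", check_patched },
    { "3.18.", "check_perm", check_patched },
};
/* Constructed sample devices, not real firmware. */
static const struct device_info dev_3_10  = { "3.10.49-gabc123", { "check_perm", "do_fork", NULL } };
static const struct device_info dev_nosym = { "3.18.24",         { "do_fork", NULL } };

static int device_has_symbol(const struct device_info *d, const char *sym)
{
    for (int i = 0; i < 4 && d->symbols[i]; i++)
        if (strcmp(d->symbols[i], sym) == 0) return 1;
    return 0;
}

/* Step 1: pick the template for this device, or -1 so nothing is patched blindly. */
int select_template(const struct device_info *d)
{
    for (int i = 0; i < (int)(sizeof templates / sizeof templates[0]); i++)
        if (strncmp(d->kernel_version, templates[i].version_prefix,
                    strlen(templates[i].version_prefix)) == 0 &&
            device_has_symbol(d, templates[i].target_symbol))
            return i;
    return -1;
}

/* How the "kernel" calls a patchable function: bracketed by the in-flight counter. */
long call_kfunc(struct kfunc *f, long arg)
{
    atomic_fetch_add(&f->in_flight, 1);
    kfn_t body = atomic_load(&f->impl);
    long r = body(arg);
    atomic_fetch_sub(&f->in_flight, 1);
    return r;
}

/* Step 3: a body nobody is inside is swapped at once; one with callers inside gets a bounded
 * wait, and if it stays busy the patch is deferred (-1) rather than installed under a caller. */
int apply_hot_patch(struct kfunc *f, kfn_t body, int max_spins)
{
    for (int spins = 0; atomic_load(&f->in_flight) > 0; spins++)
        if (spins >= max_spins) return -1;
    atomic_store(&f->impl, body);
    return 0;
}

/* Steps 1 and 3 together (step 2, the privileged copy into the kernel, is not modelled). */
int patch_device(const struct device_info *d, struct kfunc *slot)
{
    int idx = select_template(d);
    return idx < 0 ? -1 : apply_hot_patch(slot, templates[idx].body, 1000);
}

/* Walk-through of the expected behaviour; returns how many of the 5 checks held. */
int demo_checks(void)
{
    struct kfunc slot = { check_orig, 0 }, busy = { check_orig, 1 };  /* busy: a caller is inside */
    int ok = 0;
    ok += call_kfunc(&slot, 1001) == 1;                    /* unpatched: anyone granted */
    ok += patch_device(&dev_nosym, &slot) == -1;           /* no fitting template: left alone */
    ok += patch_device(&dev_3_10, &slot) == 0;             /* fitting template: patched live */
    ok += call_kfunc(&slot, 1001) == 0 && call_kfunc(&slot, 1000) == 1;
    ok += apply_hot_patch(&busy, check_patched, 10) == -1 && call_kfunc(&busy, 1001) == 1; /* deferred, old body kept */
    return ok;
}

int main(void)
{
    printf("template: 3.10 device -> %d, 3.18 device lacking the symbol -> %d; checks held %d/5\n",
           select_template(&dev_3_10), select_template(&dev_nosym), demo_checks());
    return 0;
}
```

Compile with a C11 compiler (`cc -std=c11 hotpatch.c`) and run it. The two properties the model enforces are the ones a real engine must also enforce: never patch a kernel you have not fingerprinted (the `-1` path), and never replace a body under a running caller (the bounded wait). In a real kernel the quiescence check is done against task stacks rather than a counter and the swap is a code patch rather than a pointer store, but the safety argument is the same.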

Lei Feng Network:

Is this kernel hot patch applicable to all Android models?

Wei Wei:

We tested hundreds of phones around us and were able to patch them well. But our phones are only a small part of the market, so special cases cannot be ruled out, for example: some manufacturers provide their own special security mechanisms, and there are also bugs in the CPUs themselves among the samples we collected, although the proportion of such phones is very small. But we have 6.7 billion users; even if only 1% of phones have problems, the number is still very large. So fixing Android is not something one person can do. We need phone manufacturers, security vendors, Google, Qualcomm and us to cooperate.

Lei Feng Network:

Patching the system kernel could in theory create a new attack surface. How do you get Google to trust Baidu?

Wei Wei:

It is precisely for this reason that today we introduced, for the first time anywhere, LuaKpatch, another hot-patch engine. Lua is a very small scripting language; its code is very simple and the functionality it can implement is also limited, but its advantage is that Google or the phone manufacturers can easily audit the security of the code. Its disadvantage is that some patches cannot be written in Lua and still have to use AdaptKpatch. The two engines need to be used together to fully patch the kernel.

Lei Feng Network:

Will the AdaptKpatch engine itself become fragmented?

Wei Wei:

If we opened the technology up completely, it really could create another round of fragmentation. So we chose to apply for several patents on the core technologies, but these patents are open to ecosystem partners. We hope that by building an alliance we can avoid a repeat of the fragmentation problem with AdaptKpatch/LuaKpatch.

At the BlackHat venue, Wei Wei and colleagues showed the tool to the world.

According to the live demonstration video, a phone patched by AdaptKpatch and LuaKpatch could no longer be rooted. Moreover, throughout the kernel upgrade the phone did not restart or even stall, and remained fully operational.

BlackHat has always been the bellwether for trends in security technology. Seen in that light, an Android system suffering from an "immune disease" may yet climb out of the quagmire through the efforts of Chinese hackers.
