阿里安全再曝Linux内核漏洞:9成Android手机可被控制
仅仅在谷歌正式发布Android 9系统一个多月后,9月20日,阿里安全潘多拉实验室再次发布其Linux系统存在一枚名为WrongZone (异域)严重内核漏洞,若被黑灰产人员掌握,可直接完成Root提权,获得系统的最高权限控制手机。
这意味着,手机系统最高的Root权限会被黑灰产团伙掌控,以至于设备上的所有账户密码等信息,都会被窃取操控,“市面上90%的安卓手机都存在这一隐患,我们已完整实现了多款主流旗舰机的Root”,阿里安全潘多拉实验室安全研究人员团控说表示,安卓平台已经很久没出现这样的大规模通杀型严重漏洞了。
近两年,Android操作系统的安全水位呈指数级的形式不断攀升,2018年8月谷歌发布的Android 9中,为部分守护进程和内核引入了控制流完整性CFI(Control Flow Integrity)防护机制,能够直接对抗常用ROP/JOP/COOP代码重用利用技巧。
“Linux内核已经过数年时间打磨,普通的测试手段和浅层次的逻辑分析能触达的安全问题早已修复。”团控说,但没有一个系统是完美无缺,牢不可破的,只有对内核了如指掌和深度分析,才有可能发现问题。
图说:Android 9 Preview的提权演示图
他也介绍,虽然Linux内核每年都会爆出一些漏洞,但绝大部分并不会影响安卓系统。并且,少有漏洞能够影响多个内核主线版本,能够用于Root获取最高权限的漏洞更是凤毛麟角。
此次阿里安全潘多拉实验室早在Android 9的预览版就已完成Root提权,并在多个品牌旗舰型手机验证了攻击的有效性。
记者注意到,仅仅两天前(9月18日),阿里安全潘多拉实验室便在苹果发布iOS 12系统数小时后,宣布实现完美越狱,并表示不会对外发布越狱程序,此举仅为做安全研究,以便更好地促进整个系统安全生态发展。
近两年内,该实验室共计上报了上百个涵盖iOS与Android系统的安全漏洞,获得过Apple、Google和华为等厂商公开致谢。
“阿里安全潘多拉实验室自成立以来就聚焦于移动安全领域,包括对iOS和Android系统安全的攻击与防御技术研究。”阿里安全潘多拉实验室负责人说,此次鉴于漏洞危害较大,实验室成员已将上述漏洞上报给Google和Linux内核社区,并直接同步漏洞最小信息给国内部分手机厂商推进修复,建议普通用户应保持系统更新,尽量避免下载安装未知应用。
{"weixin":{"label":"微信","name":"weixin","selected":true,"value":true,"sortid":"1","shareid":"weixin","sharetitle":"分享到微信","event":"shareToWeiXin","lang":"shareWeb_WeiXin"},"copy":{"label":"复制网址","name":"copy","selected":true,"value":true,"sortid":"2","shareid":"copy","sharetitle":"复制网址","event":"copy_url","lang":"shareWeb_Copy"},"qq":{"label":"QQ好友","name":"qq","selected":true,"value":false,"sortid":"1","shareid":"qq","sharetitle":"分享到QQ","event":"shareToQQ","lang":"shareWeb_QQ"},"sina_weibo":{"label":"新浪微博","name":"sina_weibo","selected":true,"value":true,"sortid":"4","shareid":"sina_weibo","sharetitle":"分享到新浪微博","event":"shareToSinaWB","lang":"shareWeb_SinaWeiBo"},"qq_zone":{"label":"QQ空间","name":"qq_zone","selected":true,"value":true,"sortid":"5","shareid":"qq_zone","sharetitle":"分享到QQ空间","event":"shareToQzone","lang":"shareWeb_QQZone"},"renren":{"label":"人人网","name":"renren","selected":true,"value":true,"sortid":"7","shareid":"renren","sharetitle":"分享到人人网","event":"shareToRenren","lang":"shareWeb_RenRen"},"douban":{"label":"豆瓣网","name":"douban","selected":true,"value":true,"sortid":"8","shareid":"douban","sharetitle":"分享到豆瓣网","event":"shareToDouban","lang":"shareWeb_DouBan"},"baidu_tieba":{"label":"百度贴吧","name":"baidu_tieba","selected":true,"value":true,"sortid":"10","shareid":"baidu_tieba","sharetitle":"分享到百度贴吧","event":"shareToTieba","lang":"shareWeb_TieBa"},"Facebook":{"label":"Facebook","name":"Facebook","selected":true,"value":true,"sortid":"11","shareid":"Facebook","sharetitle":"分享到FaceBook","event":"shareToFacebook","lang":"shareWeb_Facebook"},"Twitter":{"label":"Twitter","name":"Twitter","selected":true,"value":true,"sortid":"12","shareid":"Twitter","sharetitle":"分享到Twitter","event":"shareToTwitter","lang":"shareWeb_Twitter"},"LinkedIn":{"label":"LinkedIn","name":"LinkedIn","selected":true,"value":true,"sortid":"13","shareid":"LinkedIn","sharetitle":"分享到linkedIn","event":"shareToLinkedin","lang":"shareWeb_Linkedin"},"whatsapp":{"label":"whatsapp","name":"whatsapp","selected":true,"value":true,"sortid":"15","shareid":"whatsapp","sharetitle":"分享到whatsapp","event":"shareToWhatsapp","lang":"shareWeb_whatsapp"},"line":{"label":"line","name":"line","selected":true,"value":true,"sortid":"15","shareid":"line","sharetitle":"分享到line","event":"shareToLine","lang":"shareWeb_line"},"qq_weibo":{"label":"腾讯微博","name":"qq_weibo","selected":true,"value":true,"sortid":"3","shareid":"qq_weibo","sharetitle":"分享到腾讯微博","event":"shareToQQwb","lang":"shareWeb_QQWeiBo"},"peopleBlog":{"label":"人民微博","name":"propleBlog","selected":true,"value":true,"sortid":"14","shareid":"propleBlog","sharetitle":"分享到人民微博","event":"shareToPeopleBlog","lang":"shareWeb_peopleBlog"}}
