Google patches DoS vulnerabilities in Android
Researchers at the Open Source Computer Emergency Response Team (oCERT) disclosed two denial-of-service vulnerabilities in Google Inc.'s Android 1.5 mobile phone platform, both of which have already been patched by the vendor.
One of the vulnerabilities stems from Andoid's handling of SMS messages, according to an advisory released by oCERT earlier this week. The flaw allows an attacker to use malformed WAP (wireless application protocol) Push messages to disconnect a mobile phone from a cellular network. WAP Push messages are typically used to send ringtones, wallpapers and other content to mobile users.
According to oCERT, a maliciously crafted WAP message can cause the phone to reboot without the user's knowledge, which can lead to a temporary loss of connectivity and dropped calls. In cases where the phone SIM (subscriber identity module) is protected by a PIN, users will need to re-enter the PIN to reestablish connectivity causing longer delays. When the bug is triggered repeatedly, it could result in a denial of service condition, oCERT said.
A similar vulnerability was discovered in several Sony Ericsson handsets earlier this year where a malformed WAP Push message could be used to remotely reboot a vulnerable handset.
The other DoS vulnerability was reported in the application programming interface for Android's Dalvik virtual machine. It also allows an attacker to create a DOS condition by causing a handset to repeatedly reboot without the user's knowledge.
The advisories were released this week after Google issued patches addressing both problems.
Computerworld
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
Telecommunication
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
