A vulnerability in Android's resolver has been identified by researchers Roee Hay and Roi Saltzman of the IBM Application Security Research Group. The weakness is in its pseudo-random number generator (PRNG) and makes DNS poisoning attacks feasible. It has been assigned CVE-2012-2808.

The complete official advisory is available here

What is the effect of this attack?

As usual, DNS poisoning attacks may endanger the integrity and confidentiality of the attacked system. For example, in Android, the Browser app can be attacked in order to steal the victim’s cookies of a domain of the attacker’s choice. In case the attacker manages to lure the victim to browse a web page controlled by him/her, the attacker can use JavaScript in order to start resolving non-existing sub-domains. Upon success, a sub-domain points to the attacker’s IP, which enables the latter to steal wildcard cookies of the attacked domain, and even insert ones (see this for more details on the impact of subdomain poisoning). In addition, a malicious app may instantiate the Browser app on the attacker’s malicious web-page. If the attacker knows the process ID (for example, a malicious app can access that information), the expected time for a successful attack can be reduced, as explained in the whitepaper.

Which version is vulnerable?

Up to 4.0.4

How has it been fixed?

The random sample is now taken from /dev/urandom which should have enough entropy when the call is made.
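The sketch below is an added example, not Android's or Bionic's code: it shows one way a resolver can draw its per-query values from /dev/urandom, as the fix describes. The function names are hypothetical, and it assumes the values being randomized are the 16-bit DNS transaction ID and the UDP source port.

```c
/* Added example: not Android/Bionic code. Function names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Fill buf with len bytes from /dev/urandom. Returns 0 on success, -1 on failure. */
static int fill_random(void *buf, size_t len)
{
    unsigned char *p = buf;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;               /* fail closed: never fall back to pid/time seeding */
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0 && errno == EINTR)
            continue;            /* interrupted by a signal: retry */
        if (n <= 0) {            /* hard error or unexpected EOF */
            close(fd);
            return -1;
        }
        p += n;
        len -= (size_t)n;
    }
    close(fd);
    return 0;
}

/* Pick a 16-bit DNS transaction ID and an unprivileged UDP source port. */
static int dns_query_params(uint16_t *txid, uint16_t *port)
{
    if (fill_random(txid, sizeof *txid) != 0)
        return -1;
    do {                         /* rejection sampling avoids modulo bias */
        if (fill_random(port, sizeof *port) != 0)
            return -1;
    } while (*port < 1024);
    return 0;
}

int main(void)
{
    uint16_t txid, port;
    if (dns_query_params(&txid, &port) != 0) {
        perror("urandom");
        return 1;
    }
    printf("txid=0x%04x port=%u\n", txid, port);
    return 0;
}
```

The caller treats a failed read as a fatal error for that query instead of substituting a predictable value such as the process ID or the clock.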

All of the information is from here


