Google’s announcement on hardening Android’s cellular baseband highlights the pivotal role played by Clang sanitisers, explicitly focusing on the Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan).
These sanitisers, integral components of the UndefinedBehaviorSanitizer (UBSan), emerge as potent tools for identifying diverse forms of undefined behavior during program execution.
IntSan and BoundSan
IntSan and BoundSan, nestled within the UBSan toolkit, are architecture-agnostic, rendering them suitable for bare-metal deployment.
Google advocates for their adoption in existing C/C++ code bases as a proactive measure to mitigate latent vulnerabilities.
Strategic Application in Security-Critical Arenas
In a recent announcement, Google disclosed the strategic implementation of IntSan and BoundSan as exploit mitigation measures.
Despite the noticeable performance overhead, these sanitisers are strategically deployed in security-critical attack surfaces, signaling a phased rollout across the entire codebase.
Targeted Deployment Areas: Enhancing Security Across Frontiers
- Wireless Communication Protocols (2G, 3G, 4G, 5G)
- Complex Format Encoding/Decoding Libraries
- Foundational Stacks (IMS, TCP, IP)
- Messaging Functions (SMS, MMS)
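The overflow class that IntSan traps on, shown in the kind of length check a format-decoding library performs. This is an added example, not Google’s baseband code: the TLV layout, the function names and the sample messages are constructed for illustration, and the compile flags in the comments are Clang’s own.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed TLV-style message (hypothetical format): each record is
 * [1-byte tag][1-byte length][length bytes of value]. */
static const uint8_t sample_msg[]    = { 0x01, 0x02, 0xAA, 0xBB, 0x02, 0x01, 0xCC };
/* Constructed truncated message: declares 5 value bytes but carries 1. */
static const uint8_t truncated_msg[] = { 0x01, 0x05, 0xAA };

/* Unsafe pattern: `offset + len` wraps modulo 2^32 when len is large, so the
 * check passes and the caller reads past the buffer. Built with
 *   clang -fsanitize=integer,bounds -fsanitize-trap=all
 * IntSan aborts at this addition instead of letting the wrap go unnoticed. */
bool tlv_value_in_bounds_naive(uint32_t buf_len, uint32_t offset, uint32_t len)
{
    return offset + len <= buf_len;   /* wraps if offset + len > UINT32_MAX */
}

/* Hardened pattern: detect the wrap explicitly with a GCC/Clang builtin, so
 * the check stays correct even in a build without the sanitizer. */
bool tlv_value_in_bounds_checked(uint32_t buf_len, uint32_t offset, uint32_t len)
{
    uint32_t end;
    if (__builtin_add_overflow(offset, len, &end))
        return false;                 /* arithmetic overflow: reject the record */
    return end <= buf_len;
}

/* Walk the records and count them; returns -1 for a malformed message. */
int count_tlv_records(const uint8_t *buf, uint32_t buf_len)
{
    uint32_t off = 0;
    int n = 0;
    while (off < buf_len) {
        /* header (tag + length) must fit before we read it */
        if (!tlv_value_in_bounds_checked(buf_len, off, 2))
            return -1;
        uint32_t len = buf[off + 1];
        /* value must fit after the header */
        if (!tlv_value_in_bounds_checked(buf_len, off + 2, len))
            return -1;
        off += 2 + len;
        n++;
    }
    return n;
}
```

The naive check accepts a length of 0xFFFFFFFF at offset 4 because the sum wraps to 3; the checked version rejects it, and the walker rejects the truncated message rather than reading past its end.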
Strategic Considerations for Legacy Technologies
Addressing 2G technology, the researchers recommend turning off the stack via Android’s ‘2G toggle.’
Notwithstanding, the researchers recognise the continued relevance of 2G in specific regions, urging a balanced approach that aligns with user needs.
The Rust Revolution: Elevating Android’s Security Landscape
Google announced rewriting the Android Virtualization Framework’s protected VM (pVM) firmware in Rust.
This strategic move aims to establish a memory-safe foundation for the pVM root of trust, reflecting a commitment to fortifying Android’s defenses against evolving threats.
Adversaries Exploit OAuth Applications for Cryptocurrency Mining and Phishing Assaults
Microsoft has sounded the alarm concerning a trend where adversaries strategically utilize OAuth applications as a potent automation tool.
This insidious maneuver facilitates the deployment of virtual machines (VMs) for cryptocurrency mining and serves as a launchpad for sophisticated phishing attacks.
Beyond Compromise: The Ongoing Threat with OAuth Misuse
The misuse of OAuth applications opens a Pandora’s box for cyber adversaries. Even if initial access to the compromised account is lost, the malefactors can maintain a persistent foothold within applications.
This alarming trend highlights the need for heightened vigilance in securing OAuth infrastructure.
Phishing and Cryptocurrency Mining
In the intricate web of cyber threats, Microsoft shines a light on specific tactics employed by adversaries. One malevolent entity, Storm-1283, adeptly leverages a compromised user account to create an OAuth application.
This is a launching pad for deploying VMs dedicated to cryptocurrency mining, demonstrating the multifaceted nature of contemporary cyber threats.
Microsoft’s Recommendations
To counter these emergent threats, Microsoft advocates a strategic approach. Organizations are urged to enforce multi-factor authentication (MFA), institute conditional access policies, and conduct routine audits of applications and their granted permissions.
This proactive stance is pivotal in fortifying defences against cyber threats.
Microsoft’s insights into OAuth exploitation highlight organizations’ need to fortify their security posture.
As cyber adversaries continue to innovate, a robust defense strategy encompassing vigilant monitoring and proactive measures is essential in safeguarding against malicious activity conducted through abused OAuth applications.