Android’s seccomp, Lying Snowblind In The Sun
And An Insecurity Corner Smorgasbord Below The Fold
If you are using an Android device, here’s some good news: so far, researchers have only spotted one specific app that has been modified by the new Snowblind vulnerability to infect devices. That’s the end of the good news, however, as the only reason it’s not widespread is that attackers aren’t familiar with it. The moment they do familiarize themselves, you can expect to see it leveraged far and wide.
Snowblind targets the Linux kernel feature seccomp, aka secure computing, to misdirect its ability to perform integrity checks on applications a user is installing. If Snowblind can infect an Android device, either through the installation of a dodgy app or by utilizing a separate vulnerability, it can completely break seccomp. When you install an app, seccomp checks the APK to see if it has been tampered with, and blocks the app with a warning if it has been modified.
With a Snowblind infection, seccomp is no longer able to check the actual APK being installed. Instead, Snowblind can send a bad argument to seccomp and misdirect it to examine an untouched APK while the tampered APK is simultaneously installed. Check Bleeping Computer for more details on how Snowblind can ruin your day, as well as Google’s current official response to the new threat.
Snowblind's goal is to repackage a target app to make it unable to detect abuse of accessibility services that allow it to obtain user input such as credentials, or to get remote control access to run malicious actions.
More Tech News From Around The Web
- Microsoft blamed for million-plus patient record theft at US hospital giant @ The Register
- Hackers target new MOVEit Transfer critical auth bypass bug @ Bleeping Computer
- If you’re using Polyfill.io code on your site – like 100,000+ are – remove it immediately @ The Register
- Apple Expands Self-Service Repair Diagnostics To Europe @ Slashdot
- Researchers upend AI status quo by eliminating matrix multiplication in LLMs @ Ars Technica
- Seattle’s Living Computers Museum Logs Off For Good @ Slashdot
- YouTube tries convincing record labels to license music for AI song generator @ Ars Technica
- Everything Homelab Node Goes 1U Rackmount Qotom @ ServeTheHome
- AutoFull M6 Advanced Gaming Chair @ KitGuru