Control-Flow Integrity (CFI) is a cybersecurity feature that requires software execution to follow the path of a previously determined control flow graph (CFG) created by the compiler at compile time.
Google has added a new security feature to the latest Linux kernels for Android devices in order to prevent code reuse attacks that allow hackers to run arbitrary code by exploiting control-flow hijacking vulnerabilities.
When it comes to code reuse attacks, hackers exploit memory corruption bugs (buffer overflows, type confusion, or integer overflows) to hijack code pointers stored in memory and repurpose existing code to suit their purposes.
Since Android has a lot of cybersecurity flaws, the code reuse method is particularly popular among hackers who want to gain code execution.
Remember, everything can be hacked. To stay clear of threats from the cyber world, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS the device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
To shut down this kind of attack once and for all, Google has now added support for LLVM’s Control Flow Integrity (CFI) to Android’s kernel as a measure for detecting unusual behavior by attackers trying to interfere with or modify the control flow of a program.
This new feature doesn’t prevent a hacker from changing a function pointer if a bug provides write access to one, but it significantly restricts the valid call targets, which makes exploiting such a bug more difficult in practice.
CFI also makes sure that apps or programs with unusual behavior will be automatically terminated.
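The restriction described above can be modelled in a few lines of C. This is an added example, not code from Google, LLVM or the Android kernel: the allow-list, the function names and the `CFI_VIOLATION` return value are assumptions standing in for the per-type target check the compiler inserts before an indirect call.

```c
#include <stddef.h>
#include <stdio.h>
typedef int (*read_fn)(int);        /* type of the indirect call site */
typedef void (*any_fn)(void);       /* neutral type used only for casting */
#define CFI_VIOLATION (-1)          /* a real CFI build traps instead of returning */

/* Two legitimate handlers with the call site's signature. */
static int dev_read_a(int n) { return n + 1; }
static int dev_read_b(int n) { return n * 2; }
/* Existing code with a different signature: never valid for this call site. */
static long set_mode(long a, long b) { return a + b; }
/* Constructed stand-in for the per-type target set the compiler derives. */
static const read_fn valid_read_targets[] = { dev_read_a, dev_read_b };

static int cfi_valid(read_fn target) {
    size_t n = sizeof(valid_read_targets) / sizeof(valid_read_targets[0]);
    for (size_t i = 0; i < n; i++)
        if (valid_read_targets[i] == target)
            return 1;
    return 0;
}

/* The check inserted before every indirect call through a read_fn pointer. */
int checked_call(read_fn target, int arg) {
    if (!cfi_valid(target))
        return CFI_VIOLATION;
    return target(arg);
}

struct device { char name[8]; read_fn read; };  /* pointer sits next to a buffer */
int demo_intact(void) {
    struct device d = { "dev0", dev_read_b };
    return checked_call(d.read, 21);
}
/* Pointer overwritten with a function of another type: rejected. */
int demo_wrong_type(void) {
    struct device d = { "dev0", (read_fn)(any_fn)set_mode };
    return checked_call(d.read, 21);
}
/* Pointer overwritten with another same-type function: still accepted. */
int demo_same_type(void) {
    struct device d = { "dev0", dev_read_a };
    return checked_call(d.read, 21);
}
int main(void) {
    printf("%d %d %d\n", demo_intact(), demo_wrong_type(), demo_same_type());
    return 0;
}
```

The third case is why the protection is a restriction on call targets and not a guarantee: a corrupted pointer that still lands on a function of the expected type passes the check.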
Control-Flow Integrity is added to Android Kernel 4.9 and 4.14
Google Pixel 3 will be the first Android device which will integrate the new kernel code protection system.
Keep in mind that CFI support has been added to Android kernel versions 4.9 and 4.14, and Google recommends that all Android device vendors enable the feature in the kernel of their new arm64 devices running Android 9 for additional protection against kernel vulnerabilities.
Google also has plans to protect function return addresses from similar attacks by adding LLVM’s Shadow Call Stack in an upcoming compiler release.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; these tests include penetration testing and ethical hacking.