OS Firefox is Mozilla's breakthrough in the field of mobile operating systems and promises to be an easy mobile OS more compatible. But in the context of threats spy cams on mobile devices, especially on the Android platform is now widespread, spy cams a question for the user is - Does the operating system when using Firefox Is it safe?
About a month ago, Telefonica Group has announced the launch of Firefox OS - the mobile operating system from Mozilla - in Colombia and Venezuela. ZTE is selling the device OS Firefox through eBay to the end user.
Firefox OS is Linux and use core system startup executable Gecko (Gecko-based runtime engine), which allows users to run applications developed entirely with HTML, JavaScript, and web technology spy cams source Other open.
Overall, Firefox has the authority to manage the application (app permissions management) fine, but the core processes (core processes) (with more privileges) can become compromised target. In addition, HTML5 attributes can become potential vulnerabilities.
The app store can be installed from any website, without any additional verified. This application is not allowed to have any additional powers beyond those powers have been presented on the site. The exclusive application to request additional powers, but they must be verified and signed spy cams by a distributor (eg app store). Certified applications have many powers, can only be installed on the device by the manufacturer.
Figure 2 A class Gecko B2G process with higher privileges to run on the system, and all applications will run in a process of competent content with less. All requests spy cams to the device from an application process to be overcome first B2G, B2G and the process will check the permissions of the application.
Firefox OS has expanded sandboxing (protection system by limiting what an application can do). Each application runs in its own workspace of it and only have access to the Web API and the data it is allowed access, as well as the resources associated with the workspace (the database Indexed DB data, cookies, spy cams offline storage, spy cams etc.).
In addition, applications communicate only with B2G process, rather than communicating spy cams with other processes or applications. The application can not be run independently from B2G, and the app will not "open" with each other. "Interface" between spy cams the application only indirectly, through the intermediary of B2G process.
B2G process is a core process of the operating system Firefox. It is located in the layer stack technology Gecko OS Firefox. If this process is exploited, an attacker can capture high-level privileges (such as root access.)
About a month ago, a security flaw in Firefox 17 has been found that can be used to run arbitrary code. Trend Micro has confirmed that this vulnerability could be used to demolish the B2G process, and can also control the cursor commands (Instruction Pointer). This could allow an attacker to run arbitrary spy cams code on the device with the privileges of the B2G process.
Mozilla's documentation also assert that the extraction process can B2G is an attack point for Firefox OS. The reason is that the process can send the contents of dirty data for B2G process.
Because the application of the operating system is built from Firefox programming language HTML5, we can predict that the security hole HTML5 will be used to penetrate Firefox OS in the future. An independent study has revealed that the HTML5 attributes can be used to fill in the memory heap spray technique.
HTML5 Uint8ClampedArray command can be used to fill memory with high efficiency, and is easy to write code. It's easy to find a stable address full payload Uint8ClampedArray use. The Web-based spy cams workflow to quickly fill HTML5 memory using multiple threads at the same time, reduce the amount of time needed to fill memory.
In previous studies on HTML5 Trend Micro explains about this vulnerability can be abused and how that can lead to various attacks including spamming, create Bitcoin (a type of currency virtual) illegal, fraudulent and create spy cams botnets browser. Because HTML5 offensive language based on memory errors, these solutions against traditional spy cams malware will encounter challenges.
Although Firefox OS could not popular in the market spy cams with the Android operating system, the use of HTML5 is gradually spy cams attracting the attention of users (Amazon also accepts HTML5 for its application). Therefore, notwithstanding any operating system, we can predict that as more and more applications and web pages using HTML5, will sweep
No comments:
Post a Comment