We have witnessed many kernel vulnerabilities in Android devices. They have already been used by underground businesses in malware and APTs. Unfortunately, some of these vulnerabilities remain unfixed for years, partly due to time-consuming patching and verification procedures, or probably because the vendors care more about innovating new products than securing existing devices. As such, there are still a lot of devices all over the world subject to root attacks.
In this talk, we will present an adaptive Android kernel live patching framework, which enables hotpatching for unpatched kernels. Unlike existing Linux kernel hotpatch solutions, this framework can work directly on binaries and can automatically adjust to different device models with different Android kernel versions. This makes it possible for third-party developers, who may not have access to the exact source code of the device kernel and drivers, to perform live patching. Moreover, this work saves developers from tedious and error-prone porting work, which further shortens the patch deployment period.