Attacking Fuchsia

Micro Kernel > Fuschia

Monolithic Kernel > Linux

Notice Userland on Fuschia and Linux are different

Overall, Fuchsia exhibits interesting security properties compared to other OSes such as Android. A few days of vulnerability research allowed us to conclude that the common programming bugs found in other OSes can also be found in Fuchsia. However, while these bugs can often be considered as vulnerabilities in other OSes, they turn out to be uninteresting on Fuchsia, because their impact is, for the most part, mitigated by Fuchsia's security properties. We note however that these security properties do not - and in fact, cannot - hold in the lowest layers of the kernel related to virtualization, exception handling and scheduling, and that any bug here remains exploitable just like on any other OS. All the bugs we found were reported to Google, and are now fixed. Again, it is not clear where Fuchsia is heading, and whether it is just a research OS as Google claims or a real OS that is vowed to be used on future products. What's clear, though, is that it has the potential to significantly increase the difficulty for attackers to compromise devices.

Research via Quarkslab.com page