views
Android smartphones are seemingly exposed to a new type of vulnerability that may give attackers full control of your device. Spotted by a researcher named Max Kellermann, the new exploit has the potential to compromise Android 12-powered smartphones like Samsung Galaxy S22 series, Google Pixel 6 series and more. Identified as ‘CVE-2022-0847’ and dubbed ‘Dirty Pipe’, Kellermann’s blog post notes that the vulnerability in the Linux kernel 5.8 allows “overwriting data in arbitrary read-only files". Since Android is built on the Linux kernel (kernel is the core of the operating system), the vulnerability poses threats to any Android-powered devices like smartphones, smart speakers, TV, and more. However, Ars Technica’s Ron Amadeo points out that the damage potential of ‘Dirty Pipe’ is far more limited as “Linux 5.8 and above has only been an Android option for five months".
How Does Dirty Pipe Exploit Work?
The Dirty Pipe is named after the Dirty Cow vulnerability that was discovered in 2016. Kellermann suggests the two are similar, but the latter is “easier to exploit". The post explains the new exploit is a ‘privilege-escalation’ vulnerability that lets hackers obtain unauthorised access despite a security perimeter. A simple overview would be that Dirty Pipe affects ‘pipes’ within Linux that help in the transfer of data. If this “unidirectional inter-process communication" channel is compromised, hackers can change the contents of a file or gain access to the full device, as noted by 9to5Google.
The post notes that the Linux vulnerability was alerted to the Linux Kernel security team in early February, and the issue is fixed with multiple releases (5.16.11, 5.15.25, 5.10.102). Google is yet to release a patch for the ‘Dirty Pipe CVE-2022-0847’ exploit.
By my count, Dirty Pipe affects only brand-new Android 12 devices like the Pixel 6 and S22.Linux 5.8 and above has only been an Android option for five months. https://t.co/WmstZDoA5t pic.twitter.com/PEFhcwUQYV
— Ron Amadeo (@RonAmadeo) March 8, 2022
Dirty Pipe Protection
Since it is a fairly new vulnerability that was disclosed to the public earlier this month, many details remain unclear. For instance, it seems that the ‘Dirty Pipe CVE-2022-0847’ is still an active exploit in the wild and the scale of affected users remains unclear. Developer ‘AndroidMalware’ on Instagram was easily able to reproduce the malware, and it could be a matter of time before ‘Dirty Pipe’-based exploits start appearing.
Sony WF-C500 Review: Mid-Budget TWS Earbuds That Won’t Disappoint
As mentioned, the vulnerability affects newer Android smartphones running on Android 12 OS. To check the Linux kernel version of your phone, go to Settings > About phone > Android version. At this moment, users are advised to run trusted apps and avoid downloading new apps till a patch fix for Dirty Pipe CVE-2022-0847 is available.
Read all the Latest Tech News and Breaking News here
Comments
0 comment