Earlier today, a video was posted on Twitter by @Fire30_ showing the new Dirty Pipe Linux kernel vulnerability being used to root Android on the Galaxy S22 and Pixel 6 Pro, both apparently running the latest security patches. In each case, rooting was done in less than a minute with minimal fuss, opening the door to both an easy root method that root enthusiasts might enjoy and plenty of dreaded security concerns.
If you haven’t been following the recent news, a new kernel-level vulnerability called Dirty Pipe was discovered recently. It’s complicated, but the very short version is that programs on recent versions of the Linux kernel can achieve privilege escalation (e.g., getting root access, among other things) due to how the kernel handles reading and writing data in “pipes”: a bug allows data to be written to a target file when that should not be possible. If done correctly, this can be used to execute arbitrary code, which is a fancy way of saying that an application or part of a program can do basically anything it wants within other technical constraints, including reading things it shouldn’t have access to and performing operations that should require permissions it does not have. The issue affects devices with Linux kernel version 5.8 and above, including Android.
Fixes have already been released in the Linux kernel, and Android is expected to address the issue in the next monthly patch level. So far, we haven’t heard of the vulnerability being actively exploited in the wild, but that is likely to change.
The video, which was posted on Twitter, shows the Samsung Galaxy S22 and Google Pixel 6 Pro achieving a root shell thanks to a Dirty Pipe exploit, even flipping the phones into a permissive SELinux state. All of this is a demonstration of the damage the exploit can do. Root-level access gives apps unrestricted authority, and when SELinux is set to permissive mode, many key security features of an Android device are disabled. In essence, the device is wholly “owned,” as the old tech slang goes.
Speaking to a security researcher, I was told that the impact of the vulnerability may still depend on other mitigations, as well as the simple software requirement of a very recent kernel release. The vast majority of Android devices are currently running older versions of the Linux kernel, which will not be affected.
Finally, although the video shows an external device accessing a root shell, I was told that, based on what has been shown, the exploit can almost certainly be carried out entirely on the device, from an app. Enthusiasts may be drooling here, as it’s a mechanism for obtaining a seemingly non-permanent root on Samsung phones, straight through the company’s less strict Knox security. And even without modifying the system for permanent root (which could trigger other detection methods and have other issues), the app can simply wait for a boot broadcast and achieve non-permanent root at that time. Of course, the app can also take advantage of all this for nefarious purposes.
A malicious app with root access can have a serious impact, and the ability to steal your files, photos, messages, and other data is potentially among the worst outcomes. Without getting bogged down in everything an app could do, this is a very serious vulnerability.
Again, we’re not aware of any active use of the vulnerability yet, and only a small subset of recently released devices should be affected. If you are concerned, check your current kernel version (usually under Settings -> About, listed in “Software Information” on Samsung phones and “Android version” on Pixels). If the kernel version listed is lower than 5.8, then the exploit will most likely not work on your phone.
It may be possible for Google to update Play Protect to reduce the chances of installing an app (either officially or sideloaded from unknown sources) that includes the exploit. We’ve reached out to Google for more information, but the company didn’t immediately respond to our questions about it. In the meantime, if you have a phone that might be affected, it might be wise to keep installing apps only from authorized sources.
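The kernel version check described above can be scripted, for example over strings collected from several devices. This is an added example, not part of the original article: the function name and result labels are assumptions, and the sample release strings are constructed. It compares the major and minor numbers numerically, because a plain string comparison would wrongly rank 5.10 below 5.8.

```shell
#!/bin/sh
# Classify a kernel release string against the 5.8 threshold from the article.
# Results (hypothetical labels):
#   below-5.8     exploit will most likely not work (per the article)
#   5.8-or-newer  in the affected range; confirm the security patch level
#   unknown       string could not be parsed
dirtypipe_kernel_check() {
    release=$1
    # Require "digits.digits" at the start; Android builds append suffixes
    # such as "-android12-9-...", which are ignored.
    case $release in
        [0-9]*.[0-9]*) ;;
        *) echo "unknown"; return 0 ;;
    esac
    major=${release%%.*}          # text before the first dot
    rest=${release#*.}            # text after the first dot
    minor=${rest%%[!0-9]*}        # leading digits of the remainder
    case $major in
        ''|*[!0-9]*) echo "unknown"; return 0 ;;
    esac
    if [ -z "$minor" ]; then
        echo "unknown"; return 0
    fi
    # Numeric comparison: 5.10 is newer than 5.8.
    if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 8 ]; }; then
        echo "5.8-or-newer"
    else
        echo "below-5.8"
    fi
    return 0
}

# Constructed sample release strings (not taken from real devices).
for sample in \
    "5.10.43-android12-9-00031-gconstructed" \
    "4.19.113-perf+" \
    "5.4.86-constructed" \
    "5.8.0" \
    "not-a-version"
do
    printf '%-42s %s\n' "$sample" "$(dirtypipe_kernel_check "$sample")"
done
```

To check the device the script runs on, call `dirtypipe_kernel_check "$(uname -r)"`. A "5.8-or-newer" result only places the kernel in the affected range; whether the fix is present depends on the installed security patch level.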