Pixel 6, Samsung Galaxy S22 Series, Other Android 12 Devices Vulnerable to Attacks Due to ‘Dirty Pipe’ Bug

HIGHLIGHTS

‘Dirty Pipe’ vulnerability first appeared on Linux kernel version 5.8

Google merged the bug fix given by a researcher into the Android kernel

The vulnerability could allow attackers to gain full root access

Google Pixel 6, Samsung Galaxy S22, and some other new devices running on Android 12 are affected by a highly severe Linux kernel vulnerability called “Dirty Pipe.” The vulnerability can be exploited by a malicious app to gain system-level access and overwrite data in read-only files on the system. First noticed on the Linux kernel, the bug was reproduced by a security researcher on Pixel 6. Google was also informed of its existence so that it can introduce a system update with a patch.

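Security researcher Max Kellermann of German Web development company CM4all spotted the ‘Dirty Pipe’ vulnerability. Shortly after Kellermann publicly disclosed the security loophole this week, which has been recorded as CVE-2022-0847, other researchers were able to detail its impact.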

As per Kellermann, the issue has existed in the Linux kernel since version 5.8, though it was fixed in Linux 5.16.11, 5.15.25, and 5.10.102. It is similar to the ‘Dirty COW’ vulnerability but is easier to exploit, the researcher said.

The ‘Dirty COW’ vulnerability had impacted Linux kernel versions created before 2018. It also impacted users on Android, though Google fixed the flaw by releasing a security patch back in December 2016.

An attacker exploiting the ‘Dirty Pipe’ vulnerability can gain access to overwrite data in read-only files on the Linux system. It could also allow hackers to create unauthorized user accounts and modify scripts and binaries by gaining backdoor access.

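Since Android uses the Linux kernel as its core, the vulnerability has the potential to impact smartphone users as well. It is, however, limited in nature as of now, due to the fact that most Android releases are not based on the Linux kernel versions that are affected by the flaw. “Android before version 12 is not affected at all, and some Android 12 devices — but not all — are affected,” Kellermann told Gadgets 360.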
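To triage a fleet against the kernel versions listed above, the release string reported by `uname -r` on each device can be compared with the first affected and the fixed releases. The sketch below is an added example, not code from the researcher or from Gadgets 360; the sample release strings are constructed, and treating branches newer than 5.16 as already fixed is an assumption the article does not state.

```python
import re

# Version data taken from the article: bug present since 5.8,
# fixed in 5.10.102, 5.15.25 and 5.16.11.
FIRST_AFFECTED = (5, 8)
FIXED_IN = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
NEWEST_FIXED_BRANCH = max(FIXED_IN)


def parse_release(release):
    """Extract (major, minor, patch) from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(release):
    """Classify a kernel release against the article's version ranges."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return "not-affected"
    if branch > NEWEST_FIXED_BRANCH:
        # Assumption: branches after 5.16 were released with the fix.
        return "fixed"
    fixed_patch = FIXED_IN.get(branch)
    if fixed_patch is not None and patch >= fixed_patch:
        return "fixed"
    # Vendors may backport the fix without changing the version number,
    # so a version-only check cannot rule the device in or out here.
    return "vulnerable-unless-backported"


if __name__ == "__main__":
    # Constructed sample strings, e.g. as collected with `adb shell uname -r`.
    samples = [
        "4.19.191-perf-gconstructed",
        "5.10.43-android12-9-constructed",
        "5.10.102-android12-9-constructed",
        "5.13.19",
        "5.16.11",
    ]
    for s in samples:
        print(f"{s:40} {classify(s)}")
```

A "vulnerable-unless-backported" result means the device needs a check of its security patch level, since the version string alone does not show a backported fix.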

The researcher also said that if the device was vulnerable, the bug could be used to gain full root access. This means that it could be used to allow an app to read and manipulate encrypted WhatsApp messages, capture validation SMS messages, impersonate users on arbitrary websites, and even remotely control any banking apps installed on the device to steal money from the user.

Kellermann was able to reproduce the bug on Google Pixel 6 and reported its details to the Android security team in February. Google also merged the bug fix into the Android kernel shortly after it received the report from the researcher.

However, it is unclear whether the bug has been fixed through the March security patch that was released earlier this week.

 

In addition to the Pixel 6, the Samsung Galaxy S22 devices appear to be impacted by the bug, according to Ars Technica's Ron Amadeo.

Some other devices that are running on Android 12 out-of-the-box are also expected to be vulnerable to attacks due to the ‘Dirty Pipe’ issue.

Gadgets 360 has reached out to Google and Samsung for clarity on the vulnerability and will inform readers when the companies respond.

In the meantime, users are advised not to install apps from any third-party sources. It is also important to avoid installing any untrusted apps and games and to make sure the latest security patches are installed on the device.
