This Android Exploit Can Help Attackers Easily Take over Your Galaxy S22, Pixel 6 Devices
Android apps and phones have been susceptible to vulnerabilities in the past and this continues to be a reality even now. A new exploit called Dirty Pipe has now been discovered that can let apps (with the necessary permissions) read files,infect malicious programs, and possibly control the entire systemof vulnerable Android 12 devices. Here are the details.
Beware of the Dirty Pipe Exploit on Android
The Dirty Pipe vulnerability, also called theCVE-2022-0847 (a number assigned to common vulnerabilities), was discovered by Android developer Max Kellerman. He used a Pixel 6 to discover the vulnerability and reported it to Google. Thevulnerability originated with Linux 5.8, which was released for Android back in 2020. According toArs Technica’sRon Amadeo, the vulnerability affects only brand new Android 12 devices like the Pixel 6 and Galaxy S22 devices.By my count, Dirty Pipe affects only brand-new Android 12 devices like the Pixel 6 and S22.Linux 5.8 and above has only been an Android option for five months.https://t.co/WmstZDoA5tpic.twitter.com/PEFhcwUQYV— Ron Amadeo (@RonAmadeo)March 8, 2022
By my count, Dirty Pipe affects only brand-new Android 12 devices like the Pixel 6 and S22.Linux 5.8 and above has only been an Android option for five months.https://t.co/WmstZDoA5tpic.twitter.com/PEFhcwUQYV— Ron Amadeo (@RonAmadeo)March 8, 2022
So, while your Galaxy S22 Ultramay be physically strong, the device can easily get infected by a vulnerability. It has beentermed as one of the most high-severity vulnerabilitiesand affects Linux-powered devices like Android-based smartphones, Google Home devices, Chromebooks, and more.
How Does the Vulnerability Work?
It is suggested that the Dirty Pipe affects Linux pipes (to transfer data from an app or process to another) and Pages (the small chunks of memory). This bug can exploit the pipes and pages, thus, allowing attackers to change the data or have full control over the device. You can read all the technical detailsover here.
Following Kellerman’s reporting,Linuxreleased fixes for supported devicesin the form of5.16.11, 5.15.25, 5.10.102last month. After that,Google also integrated Kellerman’s fix in the Android kernel. Although it has not yet been released for users as of writing this story. It is suggested that Google will release the fix for Dirty Pipe either with a special patch update or with the April security update.
If you are worried that your Galaxy S22 device or Pixel 6 device is at risk, you cango toSettings and check your Kernel version. If it is higher than 5.8, then your phone is potentially exposed to the Dirty Pipe vulnerability. Fortunately, the exploit has not yet been used by an attacker in the wild. However, the researchers have theorized proof of concept examples to show how Dirty Pipe can be used to easily infiltrate a vulnerable device.
So, if you are using a Pixel 6 device or a Galaxy S22 model with a Kernel version higher than 5.8,beware of untrusted apps asking for system permissionson your device until Google releases the fix. Also, stay tuned for further updates on this issue in the coming days.
Dwaipayan Sengupta
A geek at heart, you’ll find me fidgeting with an iOS device or sitting in front of the laptop, scouring the internet to find interesting technological innovations. In my free time, you’d find me playing Valorant or listening to Pink Floyd.
Add new comment
Name
Email ID
Δ
01
02
03
04
05
