Dirty Pipe – What It Is And How It Affects Some Android Phones
Some Android 12 devices, including the Google Pixel 6 and Samsung Galaxy S22 series smartphones, are vulnerable to a new Linux attack. This new Linux exploit, nicknamed “Dirty Pipe,” was revealed as vulnerability CVE-2022-0847, a security flaw seen in some recent Linux kernel versions. A kernel is the part of an operating system that functions as a bridge between programmes and hardware. This means that if users of the aforementioned devices enable any Android app to read files on their phone/computer, the app could execute malicious code or just corrupt the file. On the desktop/laptop versions of Linux, this vulnerability has already demonstrated its capacity to get admin access to a system.
Attackers can easily gain complete control of your device using the Dirty Pipe exploit.
What is Dirty Pipe all about?
Dirty Pipe is based on the Linux notions of “pipes” and “pages,” as the name suggests. The pipes are used to transfer data from one programme or process to another, and the pages are little chunks of RAM on your device. The Dirty Pipe attack enables programmes to manipulate Linux pipes in order to put data into a page of memory. This allows the attacker to easily replace the contents of a file that the user is attempting to view, or even take complete control of the victim device.
Dirty Pipe impacts these devices
All Linux-powered devices, including Android phones, Chromebooks, and even Google Home devices such as Chromecast, speakers, and displays, are vulnerable to the Dirty Pipe attack. The flaw was first discovered in the Linux kernel version 5.8 in 2020, and it has since been found in every device released since then.
The good news is that Dirty Pipe’s damage potential for Android devices is fairly limited because most of them use an older version of the Linux kernel that is unaffected by the flaw. However, this is not the case with devices that come pre-installed with Android 12. As a result, Dirty Pipe may impact Android devices such as the Google Pixel 6 series and the Samsung Galaxy S22 series. Furthermore, the developer who identified the flaw replicated it on a Pixel 6 smartphone and then reported to Google.
How are companies attempting to combat Dirty Pipe?
The developer was also able to solve the problems after identifying the “Dirty Pipe” attack. ‘The fix was then submitted to the Linux kernel project, and newer versions of the Linux kernel were released with the fix a few days later.
The “Dirty Pipe” exploit was reported to Google’s Android Security Team in February. The update was quickly incorporated into the Android source code to ensure that future releases of the OS are safe from the vulnerability. The issue was also picked up by the Chrome OS team and will be released as a mid-cycle upgrade to Chrome OS 99.
Google has officially issued the May 2022 security patch for Pixel phones, as well as the Android Security Bulletin for the month, which mentions the Dirty Pipe exploit directly. This means that any Android smartphone that receives the May 2022 security update will be protected from hackers.
Read interesting news, reviews as well as tips & tricks on TechnoBugg website, and stay updated with the latest happenings of the tech world on the go with Technobugg App. Also follow on Google News and join our Telegram channel for the latest updates.