Google has slammed some of the leading mobile manufacturers for altering Linux kernel codes within its Android platform.
According to Google’s Project Zero security team, several phone makers have tinkered with the software in order to make their devices more secure – however, in the process, they have actually ended up making the phones vulnerable to serious security bugs.
As mentioned by Jann Horn from the Project Zero team in a blog post, Samsung tried to add downstream custom drivers for direct hardware access to Google’s Android Linux kernel. This was done in the kernel of the Galaxy A50 smartphone. The issue here was that Samsung added downstream custom drivers without putting it for review with the upstream kernel developers.
This includes Samsung, whose tinkering with the Android Linux kernel has resulted in exposing the company’s devices to a range of threats.
Creating vulnerabilities
Google has suggested that manufacturers should use Android’s inbuilt security features rather than making unnecessary changes to the core kernel.
Citing an example of Samsung’s Galaxy A50, Google’s Jann Horn revealed that while making these changes, Samsung added custom drivers, thus creating direct access to the kernel. While this was meant to enhance security on the device, it created a memory corruption bug.
Samsung described the bug as a moderate issue consisting of use-after-free and double-free vulnerabilities on devices running Android 9 Pie and Android 10 and affected the company’s PROCA (Process Authenticator) security subsystem. This bug was patched with an update in the recent February update by the company.
Horn’s posts also suggest that device-specific kernel changes are a frequent source of vulnerabilities and termed these them “unnecessary” which negates Google’s work in making the OS secured.
He highlighted another example from Samsung stating that one of the changes in a device was aimed at restricting an attacker that gained “arbitrary kernel read/write.” Calling these changes as “futile”, he mentioned that the engineering resources could’ve been better utilized had it ensured that a hacker does not even reach this point.
However, Horn added that what Samsung did was nothing new or uncommon as some other brands do it as well and in the process, make their devices more prone to attacks. In this case, Samsung’s downstream drivers introduced a memory corruption bug that Google reported to the South Korean handset maker back in November last year. This is now being patched in Samsung’s February update for Galaxy phones.
Also mentioned is that the February patch also fixes a flaw in the ‘TEEGRIS devices’ wherein TEE means Trust Execution Environment and is found in newer Galaxy phones that feature the company’s own TEE operating system. In case you didn’t know, Samsung Galaxy S10 is one of the TEEGRIS devices.
Here is all the information is taken from Google Project Zero and we are not responsible for any wrong details and if you have some suggestions so please let us know in the comment section.
