The Dirty Cow Linux Vulnerability Affects Android

The recently discovered Linux vulnerability known as Dirty Cow (which was reported last week) has been reported to also affect ARM Android devices.

Dirty Cow Vulnerability Roots Android Devices

While the vulnerability in the Linux kernel has already been patched, security researchers have discovered that it can work on Android devices running on the ARM architecture. This fact actually means that the majority of mobile smart devices are affected.

In brief, this attack works by loading two files into kernel memory – one of them is writable and the other isn’t. The system is then made to write to the files over and over until a change in the file parameters is accomplished. At the same time the kernel is manipulated to access the memory regions of the second file, the one that cannot be modified. A security vulnerability then follows which opens up a weak spot for the hackers to exploit. The advisory (tracked as CVE-2016-5195) shows that the Linux kernel eventually mixes up the memory buffer. As a result, the hacker can overwrite the read-only file with arbitrary contents.

The news is that the Android operating system is also affected, as it runs on top of the Linux kernel. A proof-of-concept project has already been published on GitHub by a user called Timwr. He demonstrated an attack with run-as, a program that allows applications to be run as if launched by a different user. The standard Google version of the program requires the users to have root privileges, which would be the case if a developer uses it or a test device is used.

Rooting a device can contribute to several security issues that include the following scenarios:

  • Making The Devices Inaccessible – Some rooting techniques can do real damage to devices by breaking them. In general, rooting always means modifying system code or manipulating critical files, which can cause permanent damage.
  • Warranty Violation – Most device manufacturers have a policy of not accepting devices for repair if they have been rooted by their owners.
  • Malware Intrusion Risks – Root access means that applications and the user can have access to system partitions and important data which by definition should be protected by the operating system. This enables dangerous malware such as Trojans and ransomware to spread efficiently to dangerous locations of the device’s files and memory, making anti-virus solutions and security measures ineffective against them.

As a result of the app demonstration, the device can be rooted. Device manufacturers are currently working on security updates that will fix the vulnerability.


Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

