Security experts discovered a new method of rooting Android devices using a bug that lay undiscovered in the Linux kernel for nine years. The technique works reliably on every version of Android across a wide range of hardware and allows hackers to bypass limitations imposed by manufacturers.
The technique depends on Dirty Cow, a privilege-escalation bug found in a section of the Linux kernel shipped with every modern OS built atop the kernel, including Android. Exploiting the vulnerability takes minimal effort, making it among the worst privilege elevation flaws to ever hit the open-source OS.
Rooting — or acquiring root access — isn’t malicious in and of itself; by definition, the technique grants users “super-admin access” of their device’s operating system to overcome the default limitations imposed by carriers and manufacturers. Once rooted, users may gain complete control over hardware and software settings to unlock otherwise unavailable features and install custom software and apps. For example, users can:
1. Obtain in-depth control over the phone’s performance metrics, overclocking the CPU for higher performance or underclocking it to increase battery life.
2. Flash custom kernel to unlock extra features like Wi-Fi tethering on unsupported phones, faster battery charging, and more.
3. Flash custom ROMs to install custom versions of Android that bring later versions of Android to phones that don’t have it yet (like installing Android 6.0 on my Galaxy S5). Flash ROM to install custom Android-based operating systems that are built off of Android but aren’t Android.
What's more, maliciously performed rooting grants attackers an elevated level of control over the core OS function. Dirty Cow demonstrates that attackers with limited access may easily elevate their privilege level with a single line of code, which, when snuck into a shady app in the app store, circumvents security measures built into Android. What makes the exploit so dangerous is the ease with which it's implemented and the widespread vulnerability, especially for the latest devices running more recent versions of the OS. Because it occurs on the kernel level, the vulnerability is almost impossible to detect with antivirus and security software, and there’s no evidence of any malicious actions taken.
Users can’t contract the exploit without first downloading a tainted file, so the good news is that hackers have to first gain access to your system before they can even approach the kernel stack. In that case, standard protection against code execution should prevent the vulnerability’s exploitation. Avoid downloading shady apps.
To put it technically, the bug involves a race condition found in the Linux kernel’s memory subsystem duplication technique known as copy-on-write. Underprivileged users could use the flaw to gain write access to otherwise read-only memory mapping and compromise the entire phone.
Despite the bug’s patching in the mainline Linux kernel, it remains exploitable on every Android phone on the market until each device receives its appropriate kernel patch. Unfortunately, devices remain vulnerable until November’s Android patch batch, which, ironically, won’t be available on every device due to patching limitations set by the carriers.
Source: Ars Technica , XDA-Developers, SecurityMetrics, and Github
Advertisement
Learn more about Electronic Products Magazine
