December 4, 2022


Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22


A researcher has used the critical Dirty Pipe vulnerability in Linux to fully root two models of Android phones—a Pixel 6 Pro and a Samsung S22—in a hack that demonstrates the power of exploiting the newly discovered OS flaw.

The researcher chose those two handset models for a good reason: they are two of the few—if not the only—devices known to run Android version 5.10.43, the only release of Google’s mobile OS that is vulnerable to Dirty Pipe. Because the LPE, or local privilege escalation, vulnerability was not introduced until the recently released version 5.8 of the Linux kernel, the universe of exploitable devices—whether mobile, Internet of Things, or servers and desktops—is relatively small.
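Because exposure here is decided almost entirely by kernel version, a defender's first job is triaging an inventory of kernel release strings against the affected range. The following is an added example, not code from the article or from the researchers it describes; the article supplies the 5.8 introduction point, while the fixed stable releases (5.10.102, 5.15.25, 5.16.11) are taken from the upstream fix and are an assumption not stated on the page, and the inventory entries are constructed samples.

```python
"""Triage helper: is a Linux kernel release string in the Dirty Pipe
affected range?  Added example, not code from the article.
Fixed releases below come from the upstream fix (assumption, not on
the page); the sample inventory is constructed."""
import re
from typing import Dict, Tuple

INTRODUCED = (5, 8, 0)  # the article: bug arrived in kernel 5.8
# stable branch -> first release carrying the fix (assumption, see docstring)
FIXED_IN = {(5, 10): (5, 10, 102), (5, 15): (5, 15, 25), (5, 16): (5, 16, 11)}


def parse_release(release: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from a `uname -r` style string such as
    '5.10.43-android12-9-00013-gabc' or '5.8'.  A missing patch level is 0."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(release: str) -> bool:
    """True when the kernel is in the vulnerable window."""
    ver = parse_release(release)
    if ver < INTRODUCED:
        return False            # bug not present before 5.8
    fix = FIXED_IN.get(ver[:2])
    if fix is not None:
        return ver < fix        # maintained branch: affected until the fix
    if ver >= (5, 17, 0):
        return False            # mainline 5.17 shipped with the fix
    return True                 # 5.8-5.9, 5.11-5.14: no fixed release exists


SAMPLE_INVENTORY = {  # constructed sample data, not from the article
    "pixel6pro": "5.10.43-android12-9-00013-gconstructed",
    "old-server": "5.4.0-109-generic",
    "patched-desktop": "5.15.25-1",
    "nas-box": "5.10.101",
}


def triage(inventory: Dict[str, str]) -> Dict[str, bool]:
    """Map each host to whether its kernel is in the affected range."""
    return {host: is_affected(rel) for host, rel in inventory.items()}


if __name__ == "__main__":
    for host, affected in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {'AFFECTED' if affected else 'not affected'}")
```

Feed it the output of `uname -r` (or `adb shell uname -r` for Android) from each host instead of the constructed inventory.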

Behold, a reverse shell with root privileges

But on devices that do ship affected Linux kernel versions, Dirty Pipe provides hackers—both benign and malicious—with a platform for bypassing common security controls and gaining full root control. From there, a malicious app can secretly steal authentication credentials, photos, files, messages, and other sensitive data. As I reported last week, Dirty Pipe is one of the most serious Linux threats to appear since 2016, the year another high-severity and easy-to-exploit Linux flaw called Dirty Cow came to light.

Android uses security mechanisms like SELinux and sandboxing, which often make exploits difficult, if not impossible. Despite the challenge, the successful Android root shows that Dirty Pipe is a viable attack vector against vulnerable devices.

“This is exciting because most Linux kernel vulnerabilities are not going to be useful for exploiting Android,” Valentina Palmiotti, lead security researcher at security firm Grapl, said in an interview. “The exploit is notable because there have been only a few public Android LPEs in recent years (compare this to iOS, where there are many). However, because it only works on the 5.8 kernel and above, it is limited to the two devices we saw in the demo.”

In a video demonstration published on Twitter, a security researcher who asked to be identified only by his Twitter handle, Fire30, runs a custom-built app he wrote, first on a Pixel 6 Pro and then on a Samsung S22. Within seconds, a reverse shell that gives full root access opens on a computer connected to the same Wi-Fi network. From there, Fire30 has the ability to override most of the security protections built into Android.

The root obtained is tethered, which means it cannot survive a reboot. Hobbyists who root their devices to gain capabilities not normally available would therefore have to repeat the process every time the phone turns on, a requirement that is unattractive to many rooting aficionados. Researchers, however, may find the technique more valuable, as it allows them to perform diagnostics that would not otherwise be possible.

But perhaps the group most interested will be people trying to install malicious wares. As the video shows, the attacks have the potential to be swift and stealthy. Only local access to the device is required, usually in the form of running a malicious app on it. Even though the universe of vulnerable devices is relatively small, there is no doubt that Dirty Pipe can be used in a great many compromises.

“This is a highly reliable exploit that will work without optimization on all vulnerable systems,” Christoph Hebeisen, head of security research at mobile security provider Lookout, wrote in an email. “This makes it an extremely attractive exploit for attackers to use. I expect weaponized versions of the exploit to appear, and when a vulnerable device is encountered they will be used as the preferred exploit because the exploit is reliable. Furthermore, it may well be included in rooting tools for users looking to root their devices.”

It also helps that other types of devices running vulnerable versions of Linux can be easily rooted with Dirty Pipe. On Monday, storage device maker QNAP said that some of its NAS devices are affected by the vulnerability and that the company’s engineers are investigating exactly how. QNAP currently does not have any mitigation available and is recommending that users check back and install security updates as they become available.
