Tag Archive for: Dirty

Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22



A researcher has successfully used the critical Dirty Pipe vulnerability in Linux to fully root two models of Android phones—a Pixel 6 Pro and Samsung S22—in a hack that demonstrates the power of exploiting the newly discovered OS flaw.

The researcher chose those two handset models for a good reason: They are two of the few—if not the only—devices known to run Android version 5.10.43, the only release of Google’s mobile OS that’s vulnerable to Dirty Pipe. Because the LPE, or local privilege escalation, vulnerability wasn’t introduced until the recently released version 5.8 of the Linux kernel, the universe of exploitable devices—whether mobile, Internet of Things, or servers and desktops—is relatively small.

Behold, a reverse shell with root privileges

But for devices that do package affected Linux kernel versions, Dirty Pipe offers hackers—both benign and malicious—a platform for bypassing normal security controls and gaining full root control. From there, a malicious app could surreptitiously steal authentication credentials, photos, files, messages, and other sensitive data. As I reported last week, Dirty Pipe is among the most serious Linux threats to be disclosed since 2016, the year another high-severity and easy-to-exploit Linux flaw named Dirty Cow came to light.

Android uses security mechanisms such as SELinux and sandboxing, which often make exploits hard, if not impossible. Despite the challenge, the successful Android root shows that Dirty Pipe is a viable attack vector against vulnerable devices.

“It’s exciting because most Linux kernel vulnerabilities are not going to be useful to exploit Android,” Valentina Palmiotti, lead security researcher at security firm Grapl, said in an interview. The exploit “is notable because there have only been a few public Android LPEs in recent years (compare that to iOS where there have been so many). Though because it only works on 5.8 kernels and up, it’s limited to the two devices we saw in the demo.”

In a video demonstration published on Twitter, a security researcher who asked to be identified…


Android Smartphone Users, Watch Out for This New Security Risk Called ‘Dirty Pipe’


Android smartphones are seemingly exposed to a new type of vulnerability that may give attackers full control of your device. Spotted by a researcher named Max Kellermann, the new exploit has the potential to compromise Android 12-powered smartphones like Samsung Galaxy S22 series, Google Pixel 6 series and more. Identified as ‘CVE-2022-0847’ and dubbed ‘Dirty Pipe’, Kellermann’s blog post notes that the vulnerability in the Linux kernel 5.8 allows “overwriting data in arbitrary read-only files”. Since Android is built on the Linux kernel (the kernel is the core of the operating system), the vulnerability poses a threat to any Android-powered device, such as smartphones, smart speakers, TVs, and more. However, Ars Technica’s Ron Amadeo points out that the damage potential of ‘Dirty Pipe’ is far more limited as “Linux 5.8 and above has only been an Android option for five months”.


How Does Dirty Pipe Exploit Work?

Dirty Pipe is named after the Dirty Cow vulnerability that was discovered in 2016. Kellermann suggests the two are similar, but that Dirty Pipe is “easier to exploit”. The post explains that the new exploit is a ‘privilege-escalation’ vulnerability that lets hackers obtain unauthorised access despite a security perimeter. A simple overview would be that Dirty Pipe affects ‘pipes’ within Linux that help in the transfer of data. If this “unidirectional inter-process communication” channel is compromised, hackers can change the contents of a file or gain access to the full device, as noted by 9to5Google.

The post notes that the vulnerability was reported to the Linux kernel security team in early February, and that the issue is fixed in multiple releases (5.16.11, 5.15.25, 5.10.102). Google is yet to release a patch for the ‘Dirty Pipe CVE-2022-0847’ exploit.

Dirty Pipe Protection

Since it is a fairly new vulnerability that was disclosed to the public earlier this month, many details remain unclear. For instance, it seems that the ‘Dirty Pipe CVE-2022-0847’ is still an active exploit in the wild and the scale of affected users remains unclear. Developer…


New Cyber Warning: ISIS Or Al-Qaeda Could Attack Using ‘Dirty Bomb’ – Forbes


The most serious cyber warfare threats facing the West come from China and Russia, that much is undebatable, with Iran and North Korea a step or two behind.


Dirty COW, an Exploit in the Linux Kernel, is Now Being Abused on Android by ZNIU – XDA Developers (blog)


What's more, any device on Android 6.0 Marshmallow or lower is actually going to be at risk unless they received any security patches past December 2016, and unless said patches properly targeted the bug. With the negligence of many manufacturers to …

