Known as Dirty Pipe, this new Linux vulnerability also affects Android 12 devices including the Galaxy S22 and Pixel 6. It has caused quite a stir in the security community. Here is all the information you require regarding Dirty Pipe, the devices it affects, and the best ways to prevent it.
WHAT IS DIRTY PIPE CAPABLE OF?
Dirty Pipe is a security vulnerability in a few recent versions of the Linux kernel that was recently disclosed by Max Kellermann as CVE-2022-0847. (The kernel, the heart of an operating system, frequently serves as a bridge connecting programs and your physical hardware.) In other words, any program that has access to your phone’s or computer’s data, a permission that many Android apps request, can potentially tamper with those files or execute dangerous code. It has already been demonstrated that this can easily be used to obtain administrative rights on desktop and laptop versions of Linux.
Simply put, an attacker can quickly gain total control of your device using this exploit.
WHAT DEVICES DOES DIRTY PIPE AFFECT?
In general, Dirty Pipe impacts Linux-powered devices, which range from Google Home products like Chromecasts, speakers, and displays to Android phones and Chromebooks. More specifically, the flaw appeared in the Linux kernel 5.8 release in 2020 and persisted in later revisions.
The damage potential of Dirty Pipe on Android is far lower, as pointed out by Ars Technica’s Ron Amadeo. The Linux kernel used by the majority of Android devices is an older one that is not vulnerable to the exploit. It is probable that only smartphones that launched with Android 12 are impacted.
Unfortunately, this means that Dirty Pipe could pose a threat to Android phones like the Samsung Galaxy S22 series and the Google Pixel 6 series. The researcher who originally found the issue was able to reproduce it on a Pixel 6 and reported it to Google.
The simplest way to see whether your device is affected is to view your Linux kernel version. Open the Settings app, choose About phone, select Android version, then look for Kernel version. Your device may be vulnerable to the Dirty Pipe exploit if you see a version greater than 5.8 and Google hasn’t yet provided a security fix.
To find the same information on Chrome OS, open a new tab, go to chrome://system, and scroll down to uname. You should see text similar to what is shown below. Your device may be impacted if the number after Linux localhost is greater than 5.8.
ARE ATTACKERS USING THE EXPLOIT?
As of right now, there are no known cases of the Dirty Pipe exploit being used to take control of a phone or computer. Despite this, numerous developers have published proof-of-concept examples for Dirty Pipe. It won’t be long until Dirty Pipe-based exploits start to appear in the wild.
In the most recent case (via Max Weinbach), a proof-of-concept program was used to swiftly gain root access on both the Pixel 6 and the Galaxy S22. Although the exploit has been confirmed to work on the Pixel 6, this demo from Fire30 is the first to demonstrate how it works on an Android device.
WHAT ARE COMPANIES LIKE GOOGLE DOING?
In addition to discovering the Dirty Pipe exploit, Kellermann worked out how to patch it, and he submitted a fix to the Linux kernel project soon after disclosing it privately. Two days later, newer builds of supported Linux kernel versions were made available with the fix.
As already mentioned, Google’s Android Security Team was notified of the Dirty Pipe issue in late February. Within a few days, Kellermann’s fix was added to the Android source code, ensuring that upcoming builds would be secure. The Chrome OS team picked up the fix on March 7 in the same fashion, and it now appears that Chrome OS 99 will soon receive it, potentially as a mid-cycle update.
The problem does not, however, appear to have been covered in the March 2022 Android Security Bulletin, which is surprising given how recent both the exploit and the remedy are. At this time, it’s unclear whether a specific fix will be developed for impacted devices like the Pixel 6 series or whether the exploit will remain usable until next month’s security patch. Google has confirmed that the recent delay to the March patch for the Pixel 6 series is unrelated to the Dirty Pipe issue, according to Android Police’s Ryne Hager.
Update 4/4: Google delivered the April 2022 patch for the Pixel 6 series and other Pixel phones right on schedule. However, the Dirty Pipe vulnerability is not listed in either of the security bulletins for this month. This means that the Dirty Pipe exploit will remain usable on the phone at least until the fix that will be released in the following month.
As of this week, Galaxy phones have also started receiving their April 2022 update. We can’t yet say for sure whether the Galaxy S22 series is still impacted by Dirty Pipe, though, because Samsung doesn’t post patch notes until later in the month.
Update 5/3: Google has now released the larger Android Security Bulletin for May 2022 and has begun rolling out the May 2022 security fix to Pixel phones. Since the Dirty Pipe exploit is specifically mentioned in the bulletin, any phone running the May 2022 security update or later is protected against it.
For example, because the Pixel 6 now lists a more recent Linux kernel version, we can confirm that the patch arrived on those devices with the May 2022 release. Because the builds were made in March, they include the Dirty Pipe fix from February. Curiously, the new kernel version is slightly older than the one seen in the second Beta of the June Pixel Feature Drop.
Fri, January 21, 06:54:49 UTC 2022 5.10.66-android12-9-00001-g51e133b6e4eb-ab8103786 #1
Mon, Mar 7, 01:27:36 UTC 2022 5.10.66-android12-9-00007-g66c74c58ab38-ab8262750 #1
This should mark the end of the Dirty Pipe exploit on Android, since only the Pixel 6 and Galaxy S22 were reported to be impacted, and any newer devices should ship with the May 2022 update or newer.
HOW DIRTY PIPE WORKS
For the technically minded, especially those with Linux experience, Kellermann has published an intriguing write-up about how Dirty Pipe was accidentally discovered and the fundamentals of how it works.
Here is an (oversimplified) explanation: as the name Dirty Pipe suggests, it has to do with Linux’s concepts of pipes, which are used to transfer data from one program or process to another, and pages, which are small chunks of RAM. In essence, an application has the ability to alter Linux pipes in a way that enables it to inject its own data into a page of memory.
By doing this, the attacker has a simple way to take complete control of your computer or even change the contents of a file you’re trying to open.
HOW CAN I ENSURE THAT MY DEVICE IS SAFE?
The only smartphones confirmed to be affected by Dirty Pipe as of May 2022 are the Samsung Galaxy S22 series and the Google Pixel 6 series. Simply update your phone’s software to make sure your device is secure. You can perform this action on Pixel phones in the Settings app; under System, look for System update. Your smartphone is secure if you see an Android security update from May 2022 or later.
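The kernel-version check and the security-update check described in this article, combined into one script (an added example, not part of the original article). The two Pixel 6 kernel strings are the ones quoted above; the patch levels paired with them, the two `Linux localhost` strings, and the verdict labels are constructed for illustration.

```python
import re

AFFECTED_SINCE = (5, 8)        # from the article: the flaw appeared in kernel 5.8
FIXED_PATCH_LEVEL = (2022, 5)  # from the article: May 2022 Android update or later

def kernel_version(text):
    """Return (major, minor) from a kernel string such as `uname` output."""
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.\d+", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def assess(kernel_text, patch_level=None):
    """Classify a device; patch_level is 'YYYY-MM-DD' when known."""
    ver = kernel_version(kernel_text)
    if ver is None:
        return "unknown"
    # Compare as integer tuples: read as decimals, 5.10 would sort below 5.8.
    if ver < AFFECTED_SINCE:
        return "not affected"
    if patch_level is None:
        return "needs vendor confirmation"
    year, month = (int(p) for p in patch_level.split("-")[:2])
    return "patched" if (year, month) >= FIXED_PATCH_LEVEL else "likely vulnerable"

# The two Pixel 6 kernel strings are quoted in the article; the patch levels
# paired with them and the last two entries are constructed sample values.
SAMPLES = [
    ("Fri, January 21, 06:54:49 UTC 2022 5.10.66-android12-9-00001-g51e133b6e4eb-ab8103786 #1", "2022-04-05"),
    ("Mon, Mar 7, 01:27:36 UTC 2022 5.10.66-android12-9-00007-g66c74c58ab38-ab8262750 #1", "2022-05-05"),
    ("Linux localhost 4.19.191-constructed #1 SMP PREEMPT", None),
    ("Linux localhost 5.10.99-constructed #1 SMP PREEMPT", None),
]

def report(samples=SAMPLES):
    """Return (parsed version, verdict) for each sample."""
    return [(kernel_version(k), assess(k, p)) for k, p in samples]

if __name__ == "__main__":
    for (ver, verdict), (kernel, _) in zip(report(), SAMPLES):
        print(ver, verdict, "<-", kernel[-45:])
```

Both Pixel 6 strings report 5.10.66, so the version number alone cannot tell the fixed build from the unfixed one; the security patch level is what decides.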