Security Bug In Linux May Affect Over Half Of All Android Devices

For those not in the know, a kernel, the core of any Linux-based system, controls things like the hardware-to-driver interface, core command software and input/output. This core is present in any device running a Linux backend. Without going through the exhaustive list, that includes Linux-based PCs and servers, along with all Android devices. A security research firm called Perception Point has identified and reported a security hole that could affect up to 66 percent of all Android devices, among other devices running a Linux kernel as the core software. The exploit has not been spotted in the wild so far and, for all intents and purposes, has been patched, but users should still exercise caution.

The exploit is what's called a "privilege escalation" exploit. It makes use of a memory leak in the keyring software, which is required for storing and interfacing with authentication credentials. Essentially, the idea is to obtain root privileges on a device. In testing, Perception Point was able to do just that. In gory detail, the exploit can work because applications are all allowed to create and manage their own keyrings; this includes sharing them. Once a keyring is in a system's internals, it sticks around for the duration of a given login session and can be called upon by name, under the right circumstances. Objects, being assets or bits of code that have been saved, can be shared between applications. Naturally, the same applies to keyrings. Normally, when an object or application makes an invalid request for a keyring, the request is either ignored and answered with an error message, or a new keyring is generated. When a keyring call is for the same keyring an application is already using, however, a vital step in that process is skipped, which ends up allowing users to grab the credentials of the current keyring.

This can cause a memory leak if used in just the wrong way, but the true consequences run a bit deeper. Using the leaked details, if a user can trick the system into creating the same leak for a different object, the system will think the object has been freed. A freed object can then be used for an overflow attack that will, in essence, trick the system into executing whatever code the attacker wants. This can be anything ranging from downloading adware to full control. Any Linux kernel version 3.8 and higher has the bug in place, but Android devices in particular have a scheme called SELinux that makes it a bit harder to trigger. For most users, the moral of the story here is to never trust strange software, as always. Developers, programmers and other interested parties can, of course, hit up the source link to see the entire disclosure in its full glory. Most applicable software developers should already be at work patching this one, so don't expect it to hang around for long or get too big.
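The class of flaw described above, a lookup that takes a reference and a "same keyring" shortcut that never gives it back, can be modeled in a few lines next to the balanced version. This is an added example, not Perception Point's or the kernel's code; the struct and function names, the two sample keyrings and the 8-bit counter are assumptions chosen so the effect shows up quickly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model only. usage is 8 bits wide (assumption) so a wrap is easy to see. */
struct keyring { const char *name; uint8_t usage; };
struct task    { struct keyring *session; };

/* Find a keyring by name; a hit returns it with one extra reference held. */
static struct keyring *lookup(struct keyring *tab, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(tab[i].name, name) == 0) { tab[i].usage++; return &tab[i]; }
    return NULL;
}

static void put(struct keyring *k) { k->usage--; }

/* Join a named session keyring. fixed == 0 models the flawed shortcut. */
static int join(struct task *t, struct keyring *tab, size_t n,
                const char *name, int fixed) {
    struct keyring *found = lookup(tab, n, name);
    if (!found) return -1;               /* invalid request: error out */
    if (found == t->session) {           /* already using this keyring */
        if (fixed) put(found);           /* the step the flawed path skips */
        return 0;
    }
    put(t->session);                     /* release the old session keyring */
    t->session = found;                  /* keep the reference from lookup() */
    return 0;
}

/* Re-join the current session keyring n_calls times; return its count. */
static unsigned usage_after_rejoins(int n_calls, int fixed) {
    struct keyring tab[] = { { "work", 1 }, { "other", 1 } }; /* constructed */
    struct task t = { &tab[0] };
    for (int i = 0; i < n_calls; i++) join(&t, tab, 2, "work", fixed);
    return tab[0].usage;                 /* 0 means "looks free" while in use */
}

int main(void) {
    printf("flawed,   3 rejoins: usage=%u\n", usage_after_rejoins(3, 0));
    printf("flawed, 255 rejoins: usage=%u\n", usage_after_rejoins(255, 0));
    printf("fixed,  255 rejoins: usage=%u\n", usage_after_rejoins(255, 1));
    return 0;
}
```

Releasing the reference on every exit path is the fix modeled here; a counter that saturates instead of wrapping limits the damage when such a path is missed.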

Copyright ©2019 Android Headlines. All Rights Reserved
About the Author
Daniel Fuller

Senior Staff Writer
Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, AI technology development, and hot gaming news in the Android world.