Technology News
loading
  • Home
  • Mobiles
  • Mobiles News
  • Pixel 6, Samsung Galaxy S22 Series, Other Android 12 Devices Vulnerable to Attacks Due to ‘Dirty Pipe’ Bug

Pixel 6, Samsung Galaxy S22 Series, Other Android 12 Devices Vulnerable to Attacks Due to ‘Dirty Pipe’ Bug

Google is already aware of the security issue but is yet to confirm its fix.

By Jagmeet Singh | Updated: 9 March 2022 19:31 IST
Pixel 6, Samsung Galaxy S22 Series, Other Android 12 Devices Vulnerable to Attacks Due to ‘Dirty Pipe’ Bug

Photo Credit: Unsplash/ Jonas Elia

Google Pixel 6 was used to reproduce the highly severe bug

Highlights
  • ‘Dirty Pipe’ vulnerability first appeared on Linux kernel version 5.8
  • Google merged the bug fix given by a researcher into the Android kernel
  • The vulnerability could allow attackers to gain full root access

Google Pixel 6, Samsung Galaxy S22, and some other new devices running on Android 12 are affected by a highly severe Linux kernel vulnerability called “Dirty Pipe.” The vulnerability can be exploited by a malicious app to gain system-level access and overwrite data in read-only files on the system. First noticed on the Linux kernel, the bug was reproduced by a security researcher on Pixel 6. Google was also informed about its existence to introduce a system update with a patch.

Security researcher Max Kellermann of German Web development company CM4all spotted the ‘Dirty Pipe' vulnerability. Shortly after Kellermann publicly disclosed the security loophole this week that has been recorded as CVE-2022-0847, other researchers were able to detail its impact.

 

As per Kellermann, the issue existed in the Linux kernel since the version 5.8, though it was fixed in the Linux 5.16.11, 5.15.25, and 5.10.102. It is similar to the ‘Dirty COW' vulnerability but is easier to exploit, the researcher said.

The ‘Dirty COW' vulnerability had impacted Linux kernel versions created before 2018. It also impacted users on Android, though Google fixed the flaw by releasing a security patch back in December 2016.

An attacker exploiting the ‘Dirty Pipe' vulnerability can gain access to overwrite data in read-only files on the Linux system. It could also allow hackers to create unauthorised user accounts, modify scripts, and binaries by gaining backdoor access.

Since Android uses the Linux kernel as core, the vulnerability has a potential to impact smartphone users as well. It is, however, limited in nature as of now — thanks to the fact that most Android releases are not based on the Linux kernel versions that are affected by the flaw.

“Android before version 12 is not affected at all, and some Android 12 devices — but not all — are affected,” Kellermann told Gadgets 360.

The researcher also said that if the device was vulnerable, the bug could be used to gain full root access. This means that it could be used to allow an app to read and manipulate encrypted WhatsApp messages, capture validation SMS messages, impersonate users on arbitrary websites, and even remotely control any banking apps installed on the device to steal money from the user.

Kellermann was able to reproduce the bug on Google Pixel 6 and reported its details to the Android security team in February. Google also merged the bug fix into the Android kernel shortly after it received the report from the researcher.

However, it is unclear whether the bug has been fixed through the March security patch that was released earlier this week.

In addition to the Pixel 6, the Samsung Galaxy S22 devices appear to be impacted by the bug, according to Ars Technica's Ron Amadeo.

Some other devices that are running on Android 12 out-of-the-box are also expected to be vulnerable to attacks due to the ‘Dirty Pipe' issue.

Gadgets 360 has reached out to Google and Samsung for clarity on the vulnerability and will inform readers when the companies respond.

Meanwhile, users are recommended to not install apps from any third-party sources. It is also important to avoid installing any untrusted apps and games, and make sure to have the latest security patches installed on the device.

What should you know about MWC 2022? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Advertisement
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Google Pixel 6, Google Pixel 6 Pro, Samsung Galaxy S22, Samsung Galaxy S22 Plus, Samsung Galaxy S22 Ultra, Samsung, Dirty Pipe vulnerability, Dirty Pipe, Google, Android 12, Android
Jagmeet Singh
Jagmeet Singh
Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a senior reporter for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at jagmeets@ndtv.com. Please send in your leads and tips. More
Ukraine Crisis: Will Big Tech Cloud Companies Cut Off Russia?

Related Stories

Pixel 6, Samsung Galaxy S22 Series, Other Android 12 Devices Vulnerable to Attacks Due to ‘Dirty Pipe’ Bug
Comment
Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement
Best Deals of the Day »
Follow Us
Tech News in Hindi
More Technology News in Hindi
Latest Videos
More Videos

Advertisement

Popular Gadgets
Latest Gadgets
Popular Brands
#Trending Stories
  1. Cryptocurrency: US President Signs Executive Order on Government Oversight
  2. Redmi Note 11 Pro, Redmi Note 11 Pro+ 5G, Redmi Watch 2 Lite Launched in India
  3. iPhone SE (2022) With A15 Bionic Chip Goes Official: All Details
  4. iPhone SE (2022) vs iPhone XR vs iPhone 11: Price, Specifications Compared
  5. Vu Masterpiece Glo QLED TV Series With 4K Bezel-Less Display Launched in India
  6. iPad Air (2022) With Apple M1 SoC Launched: Price in India, Sale Date
  7. Apple Event Highlights: All the Announcements From Apple's March 8 Event
  8. iPhone 13 Lineup Arrives in a New Colour: How to Pre-order
  9. Vivo Y01 With MediaTek Helio P35 SoC Launched
  10. Oppo Find X5 Pro First Impressions: A Stunningly Designed Flagship
#Latest Stories
  1. Pixel 6, Samsung Galaxy S22 Series, Other Android 12 Devices Vulnerable to Attacks Due to ‘Dirty Pipe’ Bug
  2. US SEC Presses Charges Against Siblings for Cryptocurrency Fraud Worth $124 Million
  3. Samsung Galaxy Book 2 Pro, Galaxy Book 2 Pro 360 India Launch Tipped by Amazon, Official Website Listing
  4. Clearview AI Facial Recognition Firm Faces EUR 200-Million Fine in Italy Over Controversial Data Collection
  5. Bain Capital Ventures Unveils $560 Million Fund for Crypto, Blockchain Projects
  6. Binance Attempts to Push Shiba Inu Trading by Enticing New Users with Free SHIB Tokens
  7. Telegram Thrives in Ukraine Disinformation Battle, CEO Pavel Durov Commits to User Privacy
  8. Microsoft-Activision Deal: US Reportedly Probes Options Trade Gained on Acquisition
  9. Google Launches Harassment Manager to Filter Unwanted Comments From Twitter, Other Social Media Platforms
  10. Dune OTT Release Date Set for March 25 on Amazon Prime Video in India
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2022. All rights reserved.