Security News > 2020 > February > Google: Protections Added by Samsung to Android Kernel Increase Attack Surface
A Google Project Zero researcher claims that some of the security features added by Samsung to the Android kernel don't provide meaningful protection and they actually increase the attack surface.
Project Zero researcher Jann Horn has analyzed the Android kernel shipped by Samsung with its Galaxy A50 phones and found that some security features added by the tech giant actually make security worse.
Samsung's kernel includes a protection feature designed to prevent attackers from reading or modifying user data.
Exploitation also involves another vulnerability - an information disclosure flaw in the Linux kernel tracked as CVE-2018-17972 - that had been patched in the Linux kernel and the Android common kernel, but not in the Android kernel shipped by Samsung to its phones.
Horn says he has not analyzed the kernel in other Samsung phones besides the A50, but he noted that vendor-specific modifications made to core kernel functionality in general can introduce vulnerabilities and make it more difficult to "Lock down the attack surface."
News URL
Related news
- Windows kernel bug now exploited in attacks to gain SYSTEM privileges (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)
- Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices (source)
- Google takes action after coder reports 'most sophisticated attack I've ever seen' (source)
- Google blocked 2.36 million risky Android apps from Play Store in 2024 (source)
- Google Bans 158,000 Malicious Android App Developer Accounts in 2024 (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-03 | CVE-2018-17972 | Race Condition vulnerability in multiple products An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. | 5.5 |