Security News > 2020 > February > Google: Protections Added by Samsung to Android Kernel Increase Attack Surface
A Google Project Zero researcher claims that some of the security features added by Samsung to the Android kernel don't provide meaningful protection and they actually increase the attack surface.
Project Zero researcher Jann Horn has analyzed the Android kernel shipped by Samsung with its Galaxy A50 phones and found that some security features added by the tech giant actually make security worse.
Samsung's kernel includes a protection feature designed to prevent attackers from reading or modifying user data.
Exploitation also involves another vulnerability - an information disclosure flaw in the Linux kernel tracked as CVE-2018-17972 - that had been patched in the Linux kernel and the Android common kernel, but not in the Android kernel shipped by Samsung to its phones.
Horn says he has not analyzed the kernel in other Samsung phones besides the A50, but he noted that vendor-specific modifications made to core kernel functionality in general can introduce vulnerabilities and make it more difficult to "Lock down the attack surface."
News URL
Related news
- Google fixes two Android zero-days used in targeted attacks (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
- Google's New Restore Credentials Tool Simplifies App Login After Android Migration (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- Windows kernel bug now exploited in attacks to gain SYSTEM privileges (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-03 | CVE-2018-17972 | Race Condition vulnerability in multiple products An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. | 5.5 |