Google: Protections Added by Samsung to Android Kernel Increase Attack Surface
A Google Project Zero researcher claims that some of the security features added by Samsung to the Android kernel don’t provide meaningful protection and they actually increase the attack surface.
Project Zero researcher Jann Horn has analyzed the Android kernel shipped by Samsung with its Galaxy A50 phones and found that some security features added by the tech giant actually make security worse.
Samsung’s kernel includes a protection feature designed to prevent attackers from reading or modifying user data. However, Horn found that it not only fails to achieve its goal, it also introduces vulnerabilities that can be exploited for arbitrary code execution.
A PoC exploit developed by Horn shows how an attacker could access an accounts database containing sensitive authentication tokens.
Exploitation also involves another vulnerability — an information disclosure flaw in the Linux kernel tracked as CVE-2018-17972 — that had been patched in the Linux kernel and the Android common kernel, but not in the Android kernel shipped by Samsung to its phones.
“Samsung’s protection mechanisms won’t provide meaningful protection against malicious attackers trying to hack your phone, they only block straightforward rooting tools that haven’t been customized for Samsung phones,” Horn said. “My opinion is that such modifications are not worth the cost because: they make it more difficult to rebase onto a new upstream kernel, which should be happening more often than it currently does; they add additional attack surface.”
Samsung has patched these and other vulnerabilities reported by Google Project Zero researchers with its February 2020 updates. This includes CVE-2018-17972.
Horn says he has not analyzed the kernel in other Samsung phones besides the A50, but he noted that vendor-specific modifications made to core kernel functionality in general can introduce vulnerabilities and make it more difficult to “lock down the attack surface.”
“I believe that device-specific kernel modifications would be better off either being upstreamed or moved into userspace drivers, where they can be implemented in safer programming languages and/or sandboxed, and at the same time won’t complicate updates to newer kernel releases,” the researcher said.
He added, “That I was able to reuse an infoleak bug here that was fixed over a year ago shows, once again, that the way Android device branches are currently maintained is a security problem. While I have criticized some Linux distributions in the past for not taking patches from upstream in a timely manner, the current situation in the Android ecosystem is worse. Ideally, all vendors should move towards using, and frequently applying updates from, supported upstream kernels.”
SecurityWeek has reached out to Samsung for comment and will update this article if the company responds.