Pixel 6, Samsung Galaxy S22 Series, Other Android 12 Devices Vulnerable to Attacks Due to ‘Dirty Pipe’ Bug

Google is already aware of the security issue but is yet to confirm its fix.

By Jagmeet Singh | Updated: 9 March 2022 19:31 IST

Pixel 6, Samsung Galaxy S22 Series, Other Android 12 Devices Vulnerable to Attacks Due to ‘Dirty Pipe’ Bug

Photo Credit: Unsplash/ Jonas Elia

Google Pixel 6 was used to reproduce the highly severe bug

Highlights

‘Dirty Pipe’ vulnerability first appeared on Linux kernel version 5.8
Google merged the bug fix given by a researcher into the Android kernel
The vulnerability could allow attackers to gain full root access

Google Pixel 6, Samsung Galaxy S22, and some other new devices running on Android 12 are affected by a highly severe Linux kernel vulnerability called “Dirty Pipe.” The vulnerability can be exploited by a malicious app to gain system-level access and overwrite data in read-only files on the system. First noticed on the Linux kernel, the bug was reproduced by a security researcher on Pixel 6. Google was also informed about its existence to introduce a system update with a patch.

Security researcher Max Kellermann of German Web development company CM4all spotted the ‘Dirty Pipe' vulnerability. Shortly after Kellermann publicly disclosed the security loophole this week that has been recorded as CVE-2022-0847, other researchers were able to detail its impact.

Hacked up a quick Dirty Pipe PoC that spawns a shell by hijacking (and restoring) the contents of a setuid binary. https://t.co/q8NtTlbgOZ pic.twitter.com/jxYUKYVCBo
— BLASTY (@bl4sty) March 7, 2022

As per Kellermann, the issue existed in the Linux kernel since the version 5.8, though it was fixed in the Linux 5.16.11, 5.15.25, and 5.10.102. It is similar to the ‘Dirty COW' vulnerability but is easier to exploit, the researcher said.

The ‘Dirty COW' vulnerability had impacted Linux kernel versions created before 2018. It also impacted users on Android, though Google fixed the flaw by releasing a security patch back in December 2016.

An attacker exploiting the ‘Dirty Pipe' vulnerability can gain access to overwrite data in read-only files on the Linux system. It could also allow hackers to create unauthorised user accounts, modify scripts, and binaries by gaining backdoor access.

Since Android uses the Linux kernel as core, the vulnerability has a potential to impact smartphone users as well. It is, however, limited in nature as of now — thanks to the fact that most Android releases are not based on the Linux kernel versions that are affected by the flaw.

“Android before version 12 is not affected at all, and some Android 12 devices — but not all — are affected,” Kellermann told Gadgets 360.

The researcher also said that if the device was vulnerable, the bug could be used to gain full root access. This means that it could be used to allow an app to read and manipulate encrypted WhatsApp messages, capture validation SMS messages, impersonate users on arbitrary websites, and even remotely control any banking apps installed on the device to steal money from the user.

Kellermann was able to reproduce the bug on Google Pixel 6 and reported its details to the Android security team in February. Google also merged the bug fix into the Android kernel shortly after it received the report from the researcher.

However, it is unclear whether the bug has been fixed through the March security patch that was released earlier this week.

In addition to the Pixel 6, the Samsung Galaxy S22 devices appear to be impacted by the bug, according to Ars Technica's Ron Amadeo.

Some other devices that are running on Android 12 out-of-the-box are also expected to be vulnerable to attacks due to the ‘Dirty Pipe' issue.

Gadgets 360 reached out to Samsung for clarity on the vulnerability, and the company responded by saying that it is releasing the security updates to address the issue soon. Google, though, didn't respond to a request for comment on the matter.

Meanwhile, users are recommended to not install apps from any third-party sources. It is also important to avoid installing any untrusted apps and games, and make sure to have the latest security patches installed on the device.

What should you know about MWC 2022? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Google Pixel 6

KEY SPECS
NEWS

Display 6.40-inch

Processor Google Tensor

Front Camera 8-megapixel

Rear Camera 50-megapixel + 12-megapixel

RAM 8GB

Storage 128GB, 256GB

Battery Capacity 4614mAh

OS Android 12

Resolution 1080x2400 pixels

More Google mobiles Google mobiles price in India

Google Pixel 6 Pro

KEY SPECS
NEWS

Display 6.70-inch

Processor Google Tensor

Front Camera 11.1-megapixel

Rear Camera 50-megapixel + 12-megapixel + 48-megapixel

RAM 8GB, 12GB

Storage 128GB, 256GB

Battery Capacity 5003mAh

OS Android 12

Resolution 1440x3120 pixels

More Google mobiles Google mobiles price in India

Samsung Galaxy S22

REVIEW
KEY SPECS
NEWS

Design
Display
Software
Performance
Battery Life
Camera
Value for Money

Good
Small and compact
Quality AMOLED display
Impressive performance
Good battery life
IP68 rated

Bad
Heats up easily with camera use
No bundled charger

Read detailed Samsung Galaxy S22 review

Display 6.10-inch

Processor Qualcomm Snapdragon 8 Gen 1

Rear Camera Unspecified

RAM 8GB

Storage 128GB, 256GB

Battery Capacity 3,700mAh

OS Android 12

More Samsung mobiles Samsung mobiles price in India

Samsung Galaxy S22+

REVIEW
KEY SPECS
NEWS

Design
Display
Software
Performance
Battery Life
Camera
Value for Money

Good
Quality AMOLED display
Impressive performance
Good battery life
IP68 rated

Bad
Heats up easily with camera use
No bundled charger
Not the best value offering in the series

Read detailed Samsung Galaxy S22+ review

Display 6.60-inch

Processor Qualcomm Snapdragon 8 Gen 1

Front Camera 10-megapixel

Rear Camera 50-megapixel + 12-megapixel + 10-megapixel + 10-megapixel

RAM 8GB

Storage 128GB, 256GB

Battery Capacity 4,500mAh

OS Android 12

More Samsung mobiles Samsung mobiles price in India

Samsung Galaxy S22 Ultra

REVIEW
KEY SPECS
NEWS

Design
Display
Software
Performance
Battery Life
Camera
Value for Money

Good
In-built S Pen stylus
Superb display
Impressive performance
Versatile cameras
Good battery life
IP68 rated

Bad
Gets warm easily under load
Big and bulky
No bundled charger
Expensive

Read detailed Samsung Galaxy S22 Ultra review

Display 6.80-inch

Processor Qualcomm Snapdragon 8 Gen 1

Front Camera 40-megapixel

Rear Camera 108-megapixel + 12-megapixel + 10-megapixel

RAM 8GB, 12GB

Storage 128GB, 256GB, 512GB, 1TB

Battery Capacity 5000mAh

OS Android 12

More Samsung mobiles Samsung mobiles price in India

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Google Pixel 6, Google Pixel 6 Pro, Samsung Galaxy S22, Samsung Galaxy S22 Plus, Samsung Galaxy S22 Ultra, Samsung, Dirty Pipe vulnerability, Dirty Pipe, Google, Android 12, Android