Pixel 6, Samsung Galaxy S22 Series, Other Android 12 Devices Vulnerable to Attacks Due to ‘Dirty Pipe’ Bug

Google is already aware of the security issue but is yet to confirm its fix.

Google Pixel 6 was used to reproduce the highly severe bug

Highlights
  • ‘Dirty Pipe’ vulnerability first appeared on Linux kernel version 5.8
  • Google merged the bug fix given by a researcher into the Android kernel
  • The vulnerability could allow attackers to gain full root access

Google Pixel 6, Samsung Galaxy S22, and some other new devices running Android 12 are affected by a highly severe Linux kernel vulnerability called “Dirty Pipe.” A malicious app can exploit the vulnerability to gain system-level access and overwrite data in read-only files on the system. First noticed in the Linux kernel, the bug was reproduced by a security researcher on a Pixel 6. Google has also been informed of its existence so that it can introduce a system update with a patch.

Security researcher Max Kellermann of German Web development company CM4all spotted the ‘Dirty Pipe’ vulnerability. Shortly after Kellermann publicly disclosed the security loophole this week, which has been recorded as CVE-2022-0847, other researchers were able to detail its impact.

According to Kellermann, the issue has existed in the Linux kernel since version 5.8, and it was fixed in Linux 5.16.11, 5.15.25, and 5.10.102. It is similar to the ‘Dirty COW’ vulnerability but is easier to exploit, the researcher said.
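As an added example (not code from Kellermann, Google or Gadgets 360), the version ranges above can be turned into a quick triage check for a `uname -r` string. The function names and sample release strings are constructed for illustration, and treating branches newer than 5.16 as fixed is an assumption, since the article lists only three fixed stable releases.

```python
import re

# Version facts from the article: bug introduced in 5.8,
# fixed in 5.16.11, 5.15.25 and 5.10.102.
INTRODUCED = (5, 8)
FIXED_PATCH = {(5, 16): 11, (5, 15): 25, (5, 10): 102}
NEWEST_LISTED_BRANCH = max(FIXED_PATCH)

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def dirty_pipe_status(release):
    """Return "not_affected", "fixed" or "in_affected_range"."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < INTRODUCED:
        return "not_affected"
    if branch > NEWEST_LISTED_BRANCH:
        # Assumption: branches newer than those the article lists carry the fix.
        return "fixed"
    fixed_at = FIXED_PATCH.get(branch)
    if fixed_at is not None and patch >= fixed_at:
        return "fixed"
    # Below the fixed patch level, or a branch with no fixed release
    # listed in the article (for example 5.11 to 5.14).
    return "in_affected_range"


# Constructed sample strings, not taken from real devices.
SAMPLES = [
    "5.4.86-android12-0",
    "5.10.43-android12-9-00001-gabcdef",
    "5.10.102",
    "5.13.0-30",
    "5.16.10",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:40} {dirty_pipe_status(s)}")
```

A result of `in_affected_range` is a prompt to check the vendor's security patch level, since distribution and Android vendor kernels can backport the fix without changing the base version number.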

The ‘Dirty COW’ vulnerability impacted Linux kernel versions created before 2018. It also impacted users on Android, though Google fixed the flaw by releasing a security patch back in December 2016.

An attacker exploiting the ‘Dirty Pipe’ vulnerability can overwrite data in read-only files on the Linux system. It could also allow hackers to create unauthorised user accounts and modify scripts and binaries by gaining backdoor access.

Since Android uses the Linux kernel at its core, the vulnerability has the potential to impact smartphone users as well. Its impact is, however, limited for now, because most Android releases are not based on the Linux kernel versions affected by the flaw.

“Android before version 12 is not affected at all, and some Android 12 devices — but not all — are affected,” Kellermann told Gadgets 360.

The researcher also said that if the device was vulnerable, the bug could be used to gain full root access. This means that it could be used to allow an app to read and manipulate encrypted WhatsApp messages, capture validation SMS messages, impersonate users on arbitrary websites, and even remotely control any banking apps installed on the device to steal money from the user.

Kellermann was able to reproduce the bug on Google Pixel 6 and reported its details to the Android security team in February. Google also merged the bug fix into the Android kernel shortly after it received the report from the researcher.

However, it is unclear whether the bug has been fixed through the March security patch that was released earlier this week.

In addition to the Pixel 6, the Samsung Galaxy S22 devices appear to be impacted by the bug, according to Ars Technica's Ron Amadeo.

Some other devices that run Android 12 out of the box are also expected to be vulnerable to attacks due to the ‘Dirty Pipe’ issue.

Gadgets 360 reached out to Samsung for clarity on the vulnerability, and the company responded by saying that it is releasing the security updates to address the issue soon. Google, though, didn't respond to a request for comment on the matter.

Meanwhile, users are advised not to install apps from any third-party sources. It is also important to avoid installing untrusted apps and games, and to make sure the latest security patches are installed on the device.


© Copyright Red Pixels Ventures Limited 2023. All rights reserved.