Android smartphones are seemingly exposed to a new type of vulnerability that may give attackers full control of your device. Spotted by a researcher named Max Kellermann, the new exploit has the potential to compromise Android 12-powered smartphones like the Samsung Galaxy S22 series, the Google Pixel 6 series and more. Identified as ‘CVE-2022-0847’ and dubbed ‘Dirty Pipe’, Kellermann’s blog post notes that the vulnerability in the Linux kernel 5.8 allows “overwriting data in arbitrary read-only files”. Since Android is built on the Linux kernel (the kernel is the core of the operating system), the vulnerability poses a threat to any Android-powered device, such as smartphones, smart speakers, TVs, and more. However, Ars Technica’s Ron Amadeo points out that the damage potential of ‘Dirty Pipe’ is far more limited as “Linux 5.8 and above has only been an Android option for five months”.
How Does Dirty Pipe Exploit Work?
The Dirty Pipe is named after the Dirty Cow vulnerability that was discovered in 2016. Kellermann suggests the two are similar, but the latter is “easier to exploit”. The post explains the new exploit is a ‘privilege-escalation’ vulnerability that lets hackers obtain unauthorised access despite a security perimeter. A simple overview would be that Dirty Pipe affects ‘pipes’ within Linux that help in the transfer of data. If this “unidirectional inter-process communication” channel is compromised, hackers can change the contents of a file or gain access to the full device, as noted by 9to5Google.
The post notes that the vulnerability was reported to the Linux kernel security team in early February, and the issue is fixed in multiple releases (5.16.11, 5.15.25, 5.10.102). Google is yet to release a patch for the ‘Dirty Pipe CVE-2022-0847’ exploit.
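As a first-pass check against the version numbers above, the following added example (not code from Kellermann's post or from this article) classifies a kernel release string such as the output of `uname -r`. The function names and the sample strings are constructed for illustration, and treating branches newer than 5.16 as fixed is an assumption. A vendor may backport the fix without changing the version number, so a "vulnerable" result means the vendor's patch level still needs checking.

```python
import platform
import re

# Values from the article: the flaw is in kernel 5.8 and later, and the fix
# shipped in stable releases 5.10.102, 5.15.25 and 5.16.11.
FIRST_AFFECTED = (5, 8)
FIXED_RELEASES = {(5, 10): 102, (5, 15): 25, (5, 16): 11}


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def dirty_pipe_status(release):
    """Classify a release as 'not-affected', 'fixed' or 'vulnerable' by version only."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return "not-affected"          # older than 5.8
    if branch in FIXED_RELEASES:
        return "fixed" if patch >= FIXED_RELEASES[branch] else "vulnerable"
    if branch > max(FIXED_RELEASES):
        # Assumption: branches newer than 5.16 were cut after the fix landed.
        return "fixed"
    # Affected branch (5.8 to 5.16) with no fixed release listed in the article.
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample strings, followed by the kernel of the local machine.
    samples = [
        "4.19.191-example",
        "5.10.43-android12-9-example",
        "5.10.102",
        "5.15.24-generic",
        "5.16.11",
    ]
    for release in samples + [platform.release()]:
        try:
            print(f"{release:32} {dirty_pipe_status(release)}")
        except ValueError as err:
            print(f"{release:32} {err}")
```

On an Android device the release string can be read with `adb shell uname -r` and passed to `dirty_pipe_status`.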
Dirty Pipe Protection
Since it is a fairly new vulnerability that was disclosed to the public earlier this month, many details remain unclear. For instance, it seems that the ‘Dirty Pipe CVE-2022-0847’ is still an active exploit in the wild and the scale of affected users remains unclear. Developer…