The security world has been in an uproar over a new Linux exploit called “Dirty Pipe,” which also affects Android 12 devices like the Galaxy S22 and Pixel 6. Here’s everything you need to know about “Dirty Pipe,” which devices it affects, and how best to avoid it.
What can Dirty Pipe do?
Recently revealed by Max Kellermann as vulnerability CVE-2022-0847, “Dirty Pipe” is a security exploit in select recent versions of the Linux kernel. (The kernel is the core of an operating system, and often acts as an intermediary between applications and your actual hardware.) In short, any app that can read files on your phone/computer, a permission many Android apps ask for, can potentially mess with your files or execute malicious code. On desktop/laptop versions of Linux, it has already been shown that this can easily be used to get admin privileges.
In a nutshell, this exploit could easily give an attacker full control of your device.
What devices are affected by “Dirty Pipe”?
Generally speaking, “Dirty Pipe” affects Linux devices, which includes everything from Android phones and Chromebooks to Google Home devices like Chromecasts, speakers, and displays. More specifically, the bug was introduced with version 5.8 of the Linux kernel, released in 2020, and remained present in future versions.
On the Android side of things, as pointed out by Ars Technica’s Ron Amadeo, the potential damage of “Dirty Pipe” is much more limited. Most Android devices actually use an older version of the Linux kernel, which is not affected by the exploit. Only devices that started life with Android 12 are likely to be affected.
Unfortunately, that means Android phones like the Google Pixel 6 series and the Samsung Galaxy S22 series are potentially at risk of “Dirty Pipe.” In fact, the developer who originally discovered the exploit was able to reproduce it on a Pixel 6 and reported it to Google.
The easiest way to check if your device is affected is to look at your Linux kernel version. To do so, open the Settings app, open “About phone”, tap “Android version” and then find “Kernel version”. If you see a version higher than 5.8, and if Google has not yet released a security patch, then your device is potentially at risk from the “Dirty Pipe” exploit.
To find this same information in Chrome OS, open a new tab and navigate to chrome://system and scroll down to “uname”. You should see something like the text below. If the number after “Linux localhost” is greater than 5.8, your device may be affected.
Are attackers using the exploit?
So far, there are no known cases where the “Dirty Pipe” exploit has been abused to gain control of a phone or computer. That said, quite a few developers have shown proof-of-concept examples of how easily “Dirty Pipe” can be used. It is surely only a matter of time before “Dirty Pipe”-based exploits start appearing in the wild.
The most recently seen example (via Max Weinbach) shows Dirty Pipe being used to very quickly gain root access on both the Pixel 6 and Galaxy S22 using a proof-of-concept app. While the exploit had previously been confirmed to be possible on the Pixel 6, this demo, posted by Fire30, is the first to show Dirty Pipe in action on an Android phone.
What are Google and other companies doing?
In addition to originally discovering the “Dirty Pipe” exploit, Kellermann was also able to identify how to fix it and submitted a fix to the Linux kernel project shortly after disclosing it privately. Two days later, new releases of the supported Linux kernel versions were published with the fix included.
As mentioned above, the “Dirty Pipe” exploit was also reported to Google’s Android Security team in late February. Within days, Kellermann’s fix was added to the Android source code, ensuring that future builds are safe. The Chrome OS team did the same and picked up the fix on March 7, with the fix apparently ready to be rolled out, potentially as a mid-cycle update to Chrome OS 99.
However, given how new both the exploit and the fix are, the issue does not appear to have been included in the March 2022 Android Security Bulletin. It is not clear at this time if a special patch will be created for affected devices like the Pixel 6 series or if the exploit will remain available until next month’s security patch. According to Android Police’s Ryne Hager, Google has confirmed that the recent delay to the Pixel 6 March patch is not related to the “Dirty Pipe” exploit.
Update 4/4: Just in time, Google released the April 2022 patch to the Pixel 6 series and other Pixel phones. However, neither the Android Security Bulletin for this month nor the Pixel-specific patch notes make any mention of the Dirty Pipe exploit. This suggests that the Dirty Pipe exploit will still be available for the phone until at least next month’s patch.
Galaxy phones have also started receiving their April 2022 update starting this week. However, as Samsung doesn’t release the patch notes until later in the month, we still can’t be sure if the Galaxy S22 series is still affected by Dirty Pipe.
Update 5/3: Google has now released the May 2022 security patch for Pixel phones and released the most comprehensive Android Security Bulletin for the month. The bulletin directly mentions the Dirty Pipe exploit, which means that all phones with the May 2022 security update or later are sure to be safe from attackers.
Namely, we have confirmed that the fix appeared on Pixel 6 devices with the May 2022 update, as the phone includes a newer version of the Linux kernel. Since the builds were created in March, they include the Dirty Pipe fix from February. Interestingly, the new kernel version is a bit older than the one seen in the second June Pixel Feature Drop beta.
#1 Fri Jan 21 06:54:49 UTC 2022
#1 Mon Mar 7 01:27:36 UTC 2022
Since the Pixel 6 and Galaxy S22 were the only devices affected by Dirty Pipe, and any newer devices should launch with the May 2022 update or later, this should mark the end of the Dirty Pipe exploit on Android.
How does “Dirty Pipe” work?
For the technically inclined, especially those with a Linux background, Kellermann has published an interesting article on how “Dirty Pipe” was inadvertently discovered and the core mechanisms of how it works.
Here’s an (over)simplified explanation: As the name “Dirty Pipe” suggests, it has to do with the Linux concepts of “pipes”, which are used to carry data from one application or process to another, and “pages”, small chunks of your RAM. Essentially, it is possible for an application to manipulate Linux pipes in a way that allows it to insert its own data into a memory page.
By doing so, it is possible for the attacker to easily change the content of a file you are trying to open or even give themselves full control of your computer.
How can I keep my device secure?
As of May 2022, Dirty Pipe has been fixed on both the Google Pixel 6 series and the Samsung Galaxy S22 series, the only known affected phones. To make sure your device is safe, just update your phone software. On Pixel phones, you can do this in the Settings app; under “System”, you should find “System Update”. If you see an “Android security update” from May 2022 or later, your device is safe.
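The two checks this article describes (a kernel of 5.8 or later, and an Android security patch from May 2022 or later) can be combined into one triage routine for a device inventory. The code below is an added example, not taken from Google or Kellermann; the function names and the sample strings are constructed for illustration, and it treats 5.8 itself as affected because that is the release that introduced the bug.

```python
import re
from datetime import date

INTRODUCED = (5, 8)                   # article: bug introduced in Linux 5.8
ANDROID_FIXED_SPL = date(2022, 5, 1)  # article: May 2022 patch or later
# Assumption: month granularity, as the article states it; the Android
# Security Bulletin defines the exact patch level string.

def kernel_version(release):
    """Return (major, minor) from a `uname -r` style string, or None."""
    m = re.match(r"\s*(\d+)\.(\d+)", release)
    return (int(m.group(1)), int(m.group(2))) if m else None

def patch_level(spl):
    """Parse an Android security patch level such as '2022-05-05'."""
    m = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", spl.strip())
    if not m:
        return None
    try:
        return date(*(int(g) for g in m.groups()))
    except ValueError:  # e.g. month 13
        return None

def triage(release, spl=None):
    """Classify one device from its kernel release and optional patch level."""
    kv = kernel_version(release)
    if kv is None:
        return "unknown"
    if kv < INTRODUCED:
        return "not affected"
    # Vendors backport fixes without changing the 5.x number, so the kernel
    # version alone can never show a device as patched.
    if spl is None:
        return "check vendor patch"
    level = patch_level(spl)
    if level is None:
        return "unknown"
    return "patched" if level >= ANDROID_FIXED_SPL else "at risk"

# Constructed sample inventory (not real device data).
SAMPLES = [
    ("phone-a", "5.10.66-android12-9-00007-gexample", "2022-04-05"),
    ("phone-b", "5.10.66-android12-9-00021-gexample", "2022-05-05"),
    ("phone-c", "4.19.157-perf+", "2021-11-01"),
    ("laptop-d", "5.8.0-63-generic", None),
]

if __name__ == "__main__":
    for name, release, spl in SAMPLES:
        print(f"{name}: {triage(release, spl)}")
```
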