Just over a month after Samsung announced its flagship Galaxy S22 series, a security researcher has discovered a major vulnerability that puts them and a handful of other Android phones at risk. Over the past few days, there have been a lot of questions and concerns regarding the exploit known as Dirty Pipe. Here’s the recap of the Dirty Pipe exploit, the phones affected, and what you can do to stay safe.
What is “Dirty Pipe?”
Dirty Pipe is the name given to the CVE-2022-0847 vulnerability, present in Linux kernel versions 5.8 and later. The researcher who discovered the problem found it while investigating what was believed to be a bug that intermittently corrupted access logs on a machine. Further investigation of the precise cause indicated that the problem could be used as a very serious exploit. The mechanism is complicated, but in essence the vulnerability allows data to be injected into arbitrary files due to the way the Linux kernel reads, writes, and transmits data through so-called “pipes” – hence the name.
Because basically everything in Linux is a “file”, and because Dirty Pipe can selectively modify any file’s data (either directly or by the way the file is read via cache), this means that an attacker could use the exploit to modify system files. A malicious actor can use the Dirty Pipe exploit to inject arbitrary code to be executed by a privileged process. This code can then be used for all sorts of potential applications, like granting root permissions to other software and modifying the system without permission.
In less technical terms, Dirty Pipe is a vulnerability in Linux that allows a malicious application to take almost complete control of the system, and it’s scary.
Should I be worried?
The likelihood of falling victim to a Dirty Pipe attack on your Android phone or tablet is low, but there is still cause for alarm. Since Linux powers more than your nerdy friend’s servers and laptop, many devices are potentially at risk. Many in-car systems, smart home devices, set-top boxes, and even the majority of phones around the world run Linux – in the latter case, courtesy of Android. That said, most Android device owners need not worry.
For starters, Dirty Pipe only affects Android devices running Linux kernel versions 5.8 and later. There’s no comprehensive list of phones tied to specific Linux kernel versions, but many Android phones “live” on a specific kernel version their entire lives. Kernel 5.8 was released in 2020, but Android devices didn’t start getting newer versions until Android 12 was released. Generic kernel images complicate this a bit, but only the Pixel 6 and 6 Pro are using them, and consumer devices using kernel versions after 5.8 didn’t debut until Android 12 either.
In short, if your phone was launched with Android 11 or earlier, you are safe from Dirty Pipe, and even if you’ve upgraded to Android 12, there’s no need to worry. That means most 2021 and earlier phones are not affected. However, some newer phones are affected.
We know the Pixel 6, Pixel 6 Pro and Samsung Galaxy S22 series are affected by Dirty Pipe. Android Police has separately confirmed that the Xiaomi 12 Pro is running an affected version of the Linux kernel. Qualcomm confirmed to us that of all its chipsets, only the Snapdragon 8 Gen 1 could use an affected kernel. All of its other hardware should be unaffected.
Chances are that some (if not all) phones with the Snapdragon 8 Gen 1 chipset running Android 12 are potentially vulnerable. We’ve also reached out to Samsung and MediaTek for more information on their hardware, but neither company has yet responded to our inquiries.
How can I check if my phone is affected?
If you’re wondering whether your phone might be vulnerable to Dirty Pipe until things are fixed, checking is easy, though not always straightforward. The kernel version should be listed somewhere in your phone’s Settings app, but different companies put it in different places (and some even name it differently). All you need to worry about for now is the first two numbers of the kernel version.
Follow the steps below to locate the kernel version for Google Pixel, OnePlus (running Oxygen OS 12 or later) and Samsung Galaxy phones:
- Samsung Galaxy phones
  - Tap Settings → About the phone → Software Information.
- Google Pixel phones
  - Select Settings → About the phone → Android version.
- OnePlus phones
  - Go to Settings → About the device → Version.
If you have a phone from another manufacturer, just type “kernel” in the settings search bar. Although it still doesn’t appear on all devices, it is a quick and easy way to access information in many cases, including devices not covered above.
Remember, if the first digits of your phone’s kernel version are lower than 5.8, you are safe.
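The same check as a script, as an added example that is not part of the original article: it applies the 5.8 threshold to a kernel release string and compares the two numbers as integers, so that 5.10 is not misread as lower than 5.8. The function name dirty_pipe_check and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: apply the article's rule
# (Dirty Pipe is present in Linux kernel 5.8 and later) to a kernel
# release string. It checks the 5.8 threshold only; it cannot tell
# whether a vendor build of a newer kernel already carries the fix.

# dirty_pipe_check RELEASE
# Prints one of: below-5.8 | 5.8-or-later | unparseable
dirty_pipe_check() {
    release=$1
    major=${release%%.*}          # text before the first dot
    rest=${release#*.}            # text after the first dot
    minor=${rest%%[!0-9]*}        # leading digits of that text

    # Reject anything that is not "<digits>.<digits>...".
    case $release in *.*) ;; *) echo unparseable; return 0 ;; esac
    case $major in ''|*[!0-9]*) echo unparseable; return 0 ;; esac
    case $minor in '') echo unparseable; return 0 ;; esac

    # Compare major and minor as integers. Reading "5.10" as the
    # decimal 5.1 would wrongly place it below 5.8.
    if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 8 ]; }; then
        echo 5.8-or-later
    else
        echo below-5.8
    fi
}

# Constructed sample strings in the style of Android and desktop kernels.
for r in 4.19.113-perf 5.4.86-qgki 5.8.0 5.10.43-android12-9-g0000000 6.1.25; do
    printf '%-32s %s\n' "$r" "$(dirty_pipe_check "$r")"
done
# On a phone with USB debugging: dirty_pipe_check "$(adb shell uname -r)"
# On a Linux host:               dirty_pipe_check "$(uname -r)"
```

A result of 5.8-or-later means the device falls in the range the article describes and should be kept current on OTA updates; it does not show whether a given build is already patched.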
What can be done to fix the Dirty Pipe exploit?
Currently, there is nothing you can do to fix the problem. The vulnerability on Android phones is to be patched by manufacturers and Google via an OTA update. The problem has already been fixed in the Linux kernel itself (if you’re using a server or using Linux in another application, update as soon as possible), but the process of delivering an update to Android is a bit more complicated because of how Android works.
Google tells us it’s aware of the vulnerability and has shared information with partners on how to fix the issue, and Qualcomm further confirms that fixes are available and should land as part of a future Android security bulletin – a monthly security patch, in other words.
So far we don’t know of any specific patch level that will fix the issue or any updates for Android devices, but I expect that updates in the next few months (in April, May or June) will likely include a fix on affected models. A specific schedule will likely vary from manufacturer to manufacturer based on their individual update policy. Some companies, like OnePlus, only provide updates every two months, many are monthly, others are quarterly.
There are a few things you can do while waiting to reduce your potential risk. If your phone is affected:
- Don’t install apps from developers you don’t trust.
- Do not sideload or manually install apps outside of the Play Store.
- Check for system updates frequently.
Google also tells us that it is investigating ways to use Google Play Protect to provide additional protection against this issue. Sticking to sources like the Play Store for your apps will reduce the chances of installing a malicious app that takes advantage of the Dirty Pipe vulnerability, although it’s not a perfect defense. Apps can still download code that takes advantage of the vulnerability after they’ve been installed.
In the coming months, Dirty Pipe’s impact on Android will be reduced as manufacturers roll out updates to address the issue. If you haven’t updated to a new flagship in the past six months, there’s no need to worry. If, however, you have just picked up a new Samsung Galaxy S22, avoid downloading apps outside of the Google Play Store and keep an eye out for OTA updates for your phone.
UPDATED: 2022/03/16 16:24 EST BY RYNE HAGER
Additional information about affected hardware
Qualcomm has given us additional details about which of the chipsets it provides can use the affected kernels. Of its hardware, only devices using the Snapdragon 8 Gen 1 could be affected. We are still awaiting additional information from other suppliers.