The security world has been abuzz this week over a new Linux exploit called “Dirty Pipe”, which also affects Android 12 devices like the Galaxy S22 and Pixel 6. Here’s everything you need to know about “Dirty Pipe”, the devices it affects, and how best to avoid it.
What can Dirty Pipe do?
Recently disclosed by Max Kellermann as vulnerability CVE-2022-0847, “Dirty Pipe” is a security exploit in some recent versions of the Linux kernel. (The kernel is the heart of an operating system, often acting as an intermediary between apps and your actual hardware.) In short, any app that can read files on your phone/computer – a permission many apps request on Android – can potentially tamper with your files or run malicious code. On desktop/laptop versions of Linux, this has already been shown to easily gain administrator privileges.
Simply put, this exploit could easily give an attacker full control of your device.
Which devices are affected by “Dirty Pipe”?
Broadly speaking, “Dirty Pipe” affects Linux-powered devices – which include everything from Android phones and Chromebooks to Google Home devices like Chromecasts, speakers and displays. Specifically, the bug was introduced with Linux kernel version 5.8, released in 2020, and remained present in later releases.
On the Android side, as noted by Ars Technica’s Ron Amadeo, the damage potential of “Dirty Pipe” is much more limited. Most Android devices actually use an older version of the Linux kernel, unaffected by the exploit. Only devices that started life on Android 12 have a chance of being affected.
Unfortunately, this means that Android phones like the Google Pixel 6 series and the Samsung Galaxy S22 series are both potentially at risk from “Dirty Pipe”. In fact, the developer who originally discovered the exploit was able to reproduce it on a Pixel 6 and reported it to Google.
The easiest way to check if your device is affected is to view your Linux kernel version. To do this, open the Settings app, open “About phone”, tap on “Android version”, then look for “Kernel version”. If you see a version higher than 5.8 – and if Google has not yet released a security patch – your device is potentially at risk from the “Dirty Pipe” exploit.
To find this same information on Chrome OS, open a new tab, navigate to chrome://system, and scroll down to “uname”. You should see something like the text below. If the number after “Linux localhost” is greater than 5.8, your device may be affected.
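The version comparison behind both checks above, as an added example that is not part of the original article. The function names and sample strings are constructed for illustration; the only value taken from the article is the 5.8 release where the bug was introduced.

```python
import re

# First kernel release containing the bug, per the article.
INTRODUCED = (5, 8)

# Leading "major.minor[.patch]" of a kernel release string.
_RELEASE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kernel_release(text):
    """Return (major, minor, patch) from `uname -r`, a full uname line,
    or the Android "Kernel version" field; None if no version is found."""
    fields = text.split()
    # A full uname line reads "Linux <hostname> <release> ...".
    if len(fields) >= 3 and fields[0] == "Linux":
        text = fields[2]
    m = _RELEASE.match(text.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(text):
    """Classify one kernel string for CVE-2022-0847 triage."""
    version = parse_kernel_release(text)
    if version is None:
        return "unknown"
    # Compare as integer tuples: read as a decimal, 5.10 would look
    # smaller than 5.8 and an affected kernel would be missed.
    if version[:2] < INTRODUCED:
        return "predates-bug"
    # The number alone cannot prove a fix, because vendors backport
    # patches without changing it; check the device's patch level.
    return "check-patch-level"


# Constructed sample strings (not captured from real devices).
SAMPLES = [
    "5.10.43-android12-9-00001-gabcdef012345",
    "Linux localhost 5.4.100-00001-g0123456789ab #1 SMP PREEMPT x86_64",
    "4.19.113-perf",
    "5.8.0-63-generic",
    "not a kernel string",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{triage(sample):18} {sample}")
```

A result of `check-patch-level` means the kernel line is new enough to contain the bug, so the device's installed security update still has to be confirmed.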
Are attackers using the exploit?
Currently, there are no known cases of the “Dirty Pipe” exploit being abused to take control of a phone or computer. That said, a number of developers have shown off proof-of-concept examples of Dirty Pipe’s ease of use. It’s surely only a matter of time before “Dirty Pipe” based exploits start to appear in the wild.
The most recently spotted example (via Max Weinbach) shows Dirty Pipe being used to very quickly get root access on the Pixel 6 and Galaxy S22 using a proof-of-concept app. While the exploit was previously confirmed to be possible on the Pixel 6, this demo, released by Fire30, is the first to show Dirty Pipe in action on an Android phone.
What are Google and other companies doing?
In addition to originally discovering the “Dirty Pipe” exploit, Kellermann was also able to identify how to fix it and submitted a patch to the Linux Kernel Project shortly after privately disclosing it. Two days later, new builds of supported Linux kernel versions were released to include the fix.
As mentioned earlier, the “Dirty Pipe” exploit was also reported to Google’s Android security team in late February. Within days, Kellermann’s patch was added to Android’s source code, ensuring future releases are secure. The Chrome OS team followed suit by picking up the patch on March 7, and the fix is apparently set to potentially roll out as a mid-cycle update to Chrome OS 99.
However, given the newness of the exploit and the patch, the issue does not appear to have been included in the March 2022 Android Security Bulletin. It is unclear at this stage if a special patch will be created for affected devices like the Pixel 6 series or if the exploit will remain available until next month’s security patch. According to Android Police’s Ryne Hager, Google has confirmed that the recent Pixel 6 March patch delay is not related to the “Dirty Pipe” exploit.
How does “Dirty Pipe” work?
For techies, especially those with Linux experience, Kellermann has posted an interesting article on how “Dirty Pipe” was inadvertently discovered and the basic mechanics of how it works.
Here’s an (overly) simplified explanation: as the name “Dirty Pipe” suggests, it has to do with the Linux concepts of “pipes” – which are used to get data from one application or process to another – and “pages” – small pieces of your RAM. In effect, it is possible for an application to manipulate Linux pipes in such a way as to allow its own data to be inserted into a memory page.
By doing so, the attacker can easily modify the contents of a file you are trying to open or even gain full control of your computer.
How can I protect my device?
The best way to protect your device from “Dirty Pipe” exploits right now — and probably good advice in a general sense — is to only run apps you know you can trust. Also, in the short term, you should avoid installing new apps, if possible. While these steps may seem simple, they should go a long way in keeping your device safe until a security patch is available.