Language Selection

English French German Italian Portuguese Spanish

Google to Samsung: Stop messing with Linux kernel code. It's hurting Android security

Filed under
Android
Linux
Google
Security

Samsung's attempt to prevent attacks on Galaxy phones by modifying kernel code ended up exposing it to more security bugs, according to Google Project Zero (GPZ).

Not only are smartphone makers like Samsung creating more vulnerabilities by adding downstream custom drivers for direct hardware access to Android's Linux kernel, vendors would be better off using security features that already exist in the Linux kernel, according to GPZ researcher Jann Horn.

[...]

Incidentally, the February update also includes a patch for critical flaw in "TEEGRIS devices", referring to Trusted Execution Environment (TEE) on newer Galaxy phones that contain Samsung's proprietary TEE operating system. The Galaxy S10 is among TEEGRIS devices.

But Horn's new blogpost is focused on efforts in Android to reduce the security impact of vendors adding unique code to the kernel.

"Android has been reducing the security impact of such code by locking down which processes have access to device drivers, which are often vendor-specific," explains Horn.

An example is that newer Android phones access hardware through dedicated helper processes, collectively known as the Hardware Abstraction Layer (HAL) in Android. But Horn says vendors modifying how core parts of the Linux kernel work undermines efforts to "lock down the attack surface".

Read more

Google slams Samsung for making unnecessary changes to Linux

  • Google slams Samsung for making unnecessary changes to Linux kernel code

    We all know that Samsung makes an extra effort in strengthening the security of its smartphones with initiatives such as Knox. However, sometimes those extra efforts hurt more than they help. Now, Google has slammed the South Korean smartphone brand for making unnecessary changes to the Linux kernel code and exposing it to more security bugs.

    According to Google Project Zero researcher Jann Horn, Samsung is creating more vulnerabilities by adding downstream custom drivers for direct hardware access to Android’s Linux kernel. These changes are implemented without being reviewed by upstream kernel developers. Horn found a similar mistake in the Android kernel of the Galaxy A50, and the unreviewed custom driver added security bugs related to memory corruption.

Google Scolds Samsung For Making Linux Kernel In Android

  • Google Scolds Samsung For Making Linux Kernel In Android More Hackable

    Google is accustomed to seeing smartphone vendors making changes to the Linux kernel in Android. It is essential, at times, for some device-specific drivers to function properly.

    However, it was “unnecessary” to make such changes in Samsung Galaxy A50’s Android kernel, writes Google’s Jann Horn in a blog post. Horn is part of Google’s Project Zero (GPZ) team that is responsible for finding bugs and security exploits.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

today's howtos

Linux and Graphics: Linux 5.6, RadeonSI Gallium3D and Mesa

  • The Best Features Of The Linux 5.6 Kernel From WireGuard To Y2038 Compatibility To USB4

    The Linux 5.6 stable kernel could be released as soon as tomorrow if Linus Torvalds is comfortable with its current state to avoid having an eighth weekly release candidate. Whether Linux 5.6 ends up being released tomorrow or next weekend, this kernel is bringing many exciting changes. We have our Linux 5.6 feature overview that was published at the end of the merge window for those wanting a lengthy look at all of the kernel highlights.

  • RadeonSI Experimenting With Compute-Based Culling For Navi/GFX10

    The RadeonSI Gallium3D driver has been experimenting with compute-based culling for GFX10/Navi hardware.  Well known open-source AMD OpenGL driver developer Marek Olšák has merged experimental support for compute-based culling. Marek simply noted, "This is an experimental feature that might be used in the future." 

  • Mesa's Continuous Integration To Begin Seeing Testing Coverage For Wine / DXVK

    In hopefully meaning less regressions moving forward for DXVK with the latest open-source Vulkan drivers, the Mesa continuous integration (CI) infrastructure saw support added for playing DirectX (DXGI) traces with DXVK/Wine.  Consulting firm Igalia under contract for Valve added support for APITrace with DXGI traces to the Mesa CI. 

50+ Essential Linux Apps[2020] for your Linux Distro

Best Linux Apps 2020: Welcome to Tec Robust. This article is going to be a long stretch of best and essential Linux Applications 2020 for your Linux Distribution. It covers applications for Distros such as Ubuntu, Fedora, OpenSUSE, CentOS, Elementary OS, Zorin OS, Debian, Kubuntu, and more. Without any more delay, we will get into the article. Equip your Linux with the best applications listed down here. Read more

Arcolinux - Too much, too little

Walking the Tux road, one system at a time. A short while back, I thought a departure from the proven mainstream dozen distros would do me some fresh good. So I grabbed Solus OS, I tested Peppermint, and now, I'd like to embark on an Arch adventure. Previously known as ArchMerge, Arcolinux is a distro that obeys Monty Python's rule of three. Three shall be the number of versions, and the number of desktop environments shall be three. Not two, not four. ArcoLinux has the main edition plus D and B builds for tinkerers. I opted for the Xfce-clad 19.12 release. Without further ado, let's see what gives. [...] I am struggling to reconcile with the polar brilliance of the Linux desktop. Even now, some 15+ years since I started using it, I haven't gotten used to it. You get something really cool, and then a bunch of random cosmic events that ruin the experience. And this is because most distros aren't designed with the end user in mind, and they have no product awareness. Arcolinux has some interesting points. But this ain't new, radical or special. You can pick any distro, and it will do something significantly better than others. Then, it will also fail three or five basic things that ordinary folks expect. And most distros have this problem - they do not address the most mundane activities or needs that one wants in a desktop. Arcolinux was fast, it did all right on the connectivity front, but it's quite rough around the edges, and if you deviate from the dark-theme unicorn, the session loses all traces of fun. Which is not how it's meant to be. If you want to test something a bit avant-garde, and Arch-based at this, perhaps you want to look at Arcolinux. For me, this is a classic manifestation of a much wider problem in the Linux space, and once again, sadness rules supreme at the end of the short review. Read more