https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2020/02/samsung_google_logo.jpg?w=2500&quality=82&strip=all&ssl=1

Google calls out Samsung for ‘unnecessary’ changes to Android’s kernel

by

Being the biggest Android OEM, Samsung and Google are generally close partners. Google’s Project Zero, though, is tasked with finding bugs and security exploits. This week, Google is calling out Samsung for an issue on the Galaxy A50, specifically mentioning Samsung’s “unnecessary changes” to Android’s core kernel.

In a very detailed post, Google’s Jann Horn explains this concern with Samsung’s Android kernel on the Galaxy A50. Every Android device makes changes to Android’s Linux kernel in order to work properly, as device-specific changes are important, even necessary in a lot of cases. However, some of Samsung’s changes are apparently creating more vulnerabilities.

Horn says that Samsung’s changes are for creating direct hardware access to the kernel by adding downstream custom drivers. Those changes, though, aren’t being reviewed by upstream kernel developers. In English, Samsung is trying to fix things themselves instead of using more official sources. As a result, this allows for “possible arbitrary code execution” on devices running Android Pie or even Android 10.

One example of this was a bug on the Galaxy A50 which affected Samsung’s PROCA (Process Authenticator) security subsystem. Google first reported this issue to Samsung back in November and a patch was released by Samsung this month.

In this post, Google says that efforts have been made to “lock down” which processes have access to device drivers in order to prevent vulnerabilities. Apparently, device-specific kernel changes are a frequent source of vulnerabilities. When companies such as Samsung make changes to the kernel, though, it negates Google’s work.

Further, Google says that Samsung’s changes are “unnecessary” in the first place. For example, one of Samsung’s changes was a security measure to restrict an attacker that gained “arbitrary kernel read/write.” Google says this seems “futile” and that Samsung’s efforts would have been better spent preventing an attacker from even getting to that point. Horn says that, “ideally, all vendors should move towards using, and frequently applying updates from, supported upstream kernels.”

You can read the full post for more details on the Project Zero blog.

More on Samsung:


Check out 9to5Google on YouTube for more news: