Dirty COW Linux Flaw Can Root Android Devices

Long standing Linux vulnerability also impacts Android and can be used to root devices, researcher warns

A near decade old security flaw in the Linux kernel that is being exploited by hackers can also affect Android, it has been reported.

Last week Red Hat advised all Linux users to patch the hole as soon as possible, after it found that Dirty COW existed in nearly all versions of the Linux source code for many years.

Privilege Escalation

The name is derived from how the flaw exploits the way the Linux kernel’s memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings.

Highland cowDirty COW gave hackers the ability to obtain greater access and control over a targeted computer, so called ‘privilege escalation’. Researchers warned last week  Dirty COW occurred in different layers of Linux making it difficult to defend against it using security software.

And given the spread of the open source operating system, the flaw potentially affected a huge number of systems.

And this seems to be the case as Android of course was developed on top of Linux, and this privilege-escalation bug can apparently be used on Android to give hackers root access to a device.

Security researcher David Manouchehri published proof-of-concept code that can exploit Dirty Cow on Android and provide root access on a number of Android devices.

“It’s very easy for someone who’s somewhat familiar with the Android filesystem,” Manouchehri told ArsTechnica. “From what I can tell, in theory it should be able to root every device since Android 1.0. Android 1.0 started on [Linux] kernel [version] 2.6.25, and this exploit has been around since [Linux kernel version] 2.6.22.”

“Successfully got root access on Android 6.0.1 via the DirtyCow exploit (CVE-2016-5195),” Manouchehri tweeted.

Android Security

The discovery that Dirty COW can also be used to exploit Android comes amid continuing security concerns about Android.

Last week for example a study found that a single family of malware accounted for most of the current infections on Android devices.

Mobile security firm Cheetah Mobile examined what it said are the two most prevalent Trojan horses on Android – called com.sms.sys.manager and com.al.alarm.controller – and found they were slightly altered variants of a single family, known as Ghost Push.

Also last week McAfee Labs discovered a variant of the Acecard trojan malware which tricks gullible Android users into posing for a selfie while handing over other personal information.

Earlier this month Google patched a massive 78 Android vulnerabilities with its latest security bulletin for the mobile operating system.

Are you a security pro? Try our quiz!