The security world was in an uproar this week over a new Linux exploit called “Dirty Pipe” that is also affecting Android 12 devices like the Galaxy S22 and Pixel 6. Here’s everything you need to know about dirty pipe, which devices are affected, and the best ways to avoid it.
What can Dirty Pipe do?
Recently revealed by Max Kellermann as vulnerability CVE-2022-0847, “Dirty Pipe” is a security exploit in certain newer versions of the Linux kernel. (The kernel is the core of an operating system, and often acts as an intermediary between applications and your actual hardware.) In short, any application that can read files on your phone/computer — a permission many Android apps ask for — can potentially tamper with your files or run malicious code. On desktop/laptop versions of Linux, this has already been shown to be an easy way to gain administrative privileges.
Simply put, this exploit could easily give an attacker full control over your device.
Which devices are affected by “Dirty Pipe”?
Broadly speaking, “dirty pipe” affects Linux-powered devices — this includes everything from Android phones and Chromebooks to Google Home devices like Chromecasts, speakers, and displays. More specifically, the bug was introduced with Linux kernel version 5.8, released in 2020, and persisted in subsequent releases.
On the Android side of things, as noted by Ars Technica’s Ron Amadeo, Dirty Pipe’s damage potential is far more limited. In fact, most Android devices use an older version of the Linux kernel that is not affected by the exploit. Only devices that started life with Android 12 stand a chance of being affected.
Unfortunately, this means that Android phones like the Google Pixel 6 series and the Samsung Galaxy S22 series are both potentially vulnerable to dirty pipe. In fact, the developer who originally discovered the exploit was able to reproduce it on a Pixel 6 and reported it to Google.
The easiest way to check whether your device is affected is to look at your Linux kernel version. To do this, open the Settings app, open About phone, tap Android version, then look for Kernel version. If you see version 5.8 or higher – and Google hasn’t released a security patch yet – then your device may be vulnerable to the “dirty pipe” exploit.
To find the same information on Chrome OS, open a new tab, navigate to chrome://system and scroll down to uname. You should see a line beginning with “Linux localhost” followed by a version number. If that number is 5.8 or higher, your device may be affected.
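The same check, done from a terminal, as an added example that is not part of the original article: the script below takes a kernel version string, either the bare output of uname -r or a full uname -a line like the one shown on chrome://system, and reports whether the kernel is in the 5.8-and-later range described above. It goes slightly beyond the article in that it parses both string shapes. The function names and the sample version strings are made up for this example; note that it only tells you whether your kernel is in the range that needs a fix, not whether your vendor has already shipped one.

```shell
#!/bin/sh
# Added example, not from the original article: classify a kernel version
# string against the affected range described above (Linux 5.8 and later).
# Function names and the sample strings below are made up for this example.

# Print "major.minor" for a kernel version string. Accepts the bare output of
# `uname -r` (e.g. "5.10.43-android12-9-00008-gabcdef") or a full `uname -a`
# line such as the one shown on chrome://system ("Linux localhost 5.10.101 ...").
# Prints nothing if no field looks like a version number.
kernel_major_minor() {
  printf '%s\n' "$1" | awk '{
    for (i = 1; i <= NF; i++) {
      # the first whitespace-separated field that starts with N.N is the version
      if (match($i, /^[0-9]+\.[0-9]+/)) {
        print substr($i, RSTART, RLENGTH)
        exit
      }
    }
  }'
}

# Exit status 0 if the kernel is 5.8 or newer (the range that needs the fix),
# 1 if it is older, 2 if no version number could be found in the input.
kernel_in_affected_range() {
  mm=$(kernel_major_minor "$1")
  [ -n "$mm" ] || return 2
  major=${mm%%.*}
  minor=${mm#*.}
  if [ "$major" -gt 5 ]; then
    return 0
  fi
  if [ "$major" -eq 5 ] && [ "$minor" -ge 8 ]; then
    return 0
  fi
  return 1
}

# Human-readable verdict for one version string. Always exits 0 so it is safe
# to call as the last line of a script run under `set -e`.
report() {
  rc=0
  kernel_in_affected_range "$1" || rc=$?
  case $rc in
    0) echo "$1: kernel 5.8 or newer - make sure a build containing the CVE-2022-0847 fix is installed" ;;
    1) echo "$1: kernel older than 5.8 - not affected by CVE-2022-0847" ;;
    *) echo "$1: could not find a kernel version number" ;;
  esac
}

# Stand-alone use: check the running kernel, or a version string passed as $1.
report "${1:-$(uname -r)}"
```

Running it with no argument checks the kernel you are on; pasting the uname line from chrome://system as the first argument checks a Chromebook from any machine.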
Are attackers using the exploit?
So far, there are no known cases where the “Dirty Pipe” exploit has been misused to take control of a phone or computer. Nevertheless, some developers have shown proof-of-concept examples of how easily “dirty pipe” can be used. It’s almost certainly only a matter of time before Dirty Pipe-based exploits show up in the wild.
What are Google and other companies doing?
In addition to the initial discovery of the Dirty Pipe exploit, Kellermann was also able to figure out how to fix it and submitted a fix to the Linux Kernel Project shortly after the private disclosure. Two days later, newer builds of supported versions of the Linux kernel containing the fix were released.
As previously mentioned, the Dirty Pipe exploit was also reported to Google’s Android security team in late February. Within a few days, Kellermann’s fix was added to the Android source code to ensure future builds are secure. The Chrome OS team followed suit by including the fix on March 7, and a release appears to be imminent, possibly as a mid-cycle update to Chrome OS 99.
However, given how recent both the exploit and the fix are, the issue does not appear to have been included in the March 2022 Android Security Bulletin. It’s currently not clear whether a dedicated patch will be made for affected devices like the Pixel 6 series, or whether the fix will arrive with next month’s security patch. According to Android Police’s Ryne Hager, Google has confirmed that the recent delay of the Pixel 6 March patch is not related to the “dirty pipe” exploit.
How does Dirty Pipe work?
For those interested in technology, especially those with Linux experience, Kellermann published an interesting account of how “Dirty Pipe” was accidentally discovered and the core mechanics of how it works.
Here’s an (over)simplified explanation: As the name “dirty pipe” suggests, it has to do with the Linux concepts of “pipes” – used to transfer data from one application or process to another – and “pages” – small chunks of your memory. An application can manipulate Linux pipes in such a way that it can insert its own data into a memory page, including a page holding the contents of a file it should only be able to read.
This makes it easy for an attacker to change the contents of a file you’re trying to open, or even take full control of your computer.
How can I protect my device?
The best way to protect your device from dirty pipe exploits for now — and probably good advice in general — is to only run apps you know you can trust. You should also refrain from installing new apps in the short term if possible. While these measures may seem simple, they should go a long way in keeping your device secure until a security patch is available.