A bug has been identified in the Samsung Galaxy A50 that resulted from the South Korean smartphone manufacturer's modifications to the device's Linux kernel.
Jann Horn, a researcher with Google's Project Zero, found the bug in Samsung's Process Authenticator (PROCA) kernel subsystem and described the vulnerability and its consequences in a blog post. During the research, Horn found that although Samsung had added certain security features to the kernel, these features did not stop an attacker who already had kernel-level access from:
- Gaining access to inodes that are usually inaccessible.
- Reading kernel memory directly.
- Modifying userspace code and userspace pointers.
- Modifying and reading the saved register state of other userspace processes stored in the kernel.
- Modifying the memory management state of the device.
The vulnerabilities were reported to Samsung on November 12, 2019, and the company shipped a fix (SVE-2019-16132) in its February security update, rating the issue as moderate risk. It is common for vendors to add device-specific code to the kernel, and that code expands the kernel's attack surface. Android, for its part, limits how much of that surface is reachable by restricting which processes are allowed to access device drivers. That approach works less well when manufacturers modify the kernel's core functionality rather than adding a driver, because the added code is not confined to a driver that can be locked down and remains reachable from ordinary processes.
“I believe that device-specific kernel modifications would be better off either being upstreamed or moved into userspace drivers, where they can be implemented in safer programming languages and/or sandboxed, and at the same time won’t complicate updates to newer kernel releases,” Jann Horn writes in the blog post detailing his research.
Furthermore, Horn argues that the hardening Samsung added provides no meaningful security benefit and can be removed without any loss of value. Rather than trying to restrict an attacker who has already gained control of the kernel, he says, vendors should concentrate on preventing attackers from gaining kernel access in the first place.