According to researchers in the Google Project Zero (GPZ) project, Samsung’s attempt to prevent attacks on Galaxy phones by editing code lines in the Linux kernel kernel turned out to be causing many bugs. more security.
Not only Samsung, according to GPZ security researcher Jann Horn, smartphone manufacturers as well as other vendors are adding custom drivers to their hardware directly to Android Linux kernel. undermine the security of this platform.
This is the kind of error that Horn has discovered on the Android core of Samsung Galaxy A50. This is also what many other smartphone vendors often do. They add code to the Linux kernel below while Google’s kernel developers don’t review the code.
Even if these modifications are intended to add device security, they are often accompanied by errors. A kernel security feature, planned to be implemented by Samsung in November last year, was discovered by Google, which will cause data memory errors. The bug was later patched by Samsung in the February update for Galaxy phones.
Not only that, the February update also contains a patch for another critical flaw in “TEEGRIS devices” – the term for devices installed with Trusted Execution Enviroment (TEE: Reliable Enforcement Enforcement). Dependable) – Samsung’s proprietary security operating system. The Galaxy S10 is one of these TEEGRIS devices.
That’s why Horn’s recent blog post focuses on Android being reduced security due to the fact that device vendors are constantly adding code to the kernel.
An example of this is that new Android phones can access hardware through separate processes, also known as Hardware Abstraction Layer (Android). But Horn said that such vendors modify Android Linux kernel will reduce the ability to prevent surface attacks.
Instead, Horn suggested that device manufacturers use the direct hardware access feature that was supported on Linux, rather than having to customize the code in the Linux kernel.
As for Samsung, Horn thinks some of the customization features they add are unnecessary and won’t even affect the device if they are removed.
For example, PROCA or Process Authenticator – an extra security system added by Samsung to prevent an attacker from gaining read and write access to the Android kernel. However, Horn said that Samsung should focus its technical resources on preventing an attacker from accessing the attack in the first place.
Refer to ZDNet