
Google warns Samsung not to mess with Android kernel code

Lei Feng Net (雷锋网) · Feb 17, 2020 15:48

Original title: Google warns Samsung not to tamper with Android kernel code

Recently, the Google Project Zero (GPZ) team warned Samsung that if Samsung modifies the kernel code in its Galaxy phones, it will expose more security vulnerabilities.

Security loopholes caused by mobile phone manufacturers

It is understood that GPZ researcher Jann Horn found bugs in the Android kernel of the Samsung Galaxy A50. Jann Horn points out that smartphone manufacturers like Samsung add downstream custom drivers that directly access Android's Linux kernel, resulting in more security vulnerabilities.

At the same time, Jann Horn says Samsung's practice is common among all smartphone manufacturers: they add downstream code to the Linux kernel that has not been reviewed by upstream kernel developers, which introduces security bugs related to memory corruption.

Although this downstream custom code is designed to increase the security of the device, it may lead to new security vulnerabilities. For example, Samsung's code that was intended to enhance kernel security ended up with a memory corruption vulnerability. In November 2019, Google notified Samsung of the vulnerability.

It is reported that the vulnerability affects Samsung's additional security subsystem, which is called PROCA or Process Authenticator. Then, in February 2020, Samsung said it had fixed the vulnerability in its mobile phone update.

In addition, it is worth mentioning that Samsung included a patch for serious defects in "TEEGRIS devices" in its mobile phone system update in February. According to reports, TEEGRIS devices refer to the trusted execution environment (TEE) on newer Galaxy phones with Samsung's proprietary TEE operating system, and Galaxy S10 is one of the TEEGRIS devices.

In Samsung's description, SVE-2019-16132 (Lei Feng Net note: Samsung's code name for the vulnerability) is not a serious problem and consists of use-after-free and double-free vulnerabilities in PROCA that allow hackers to "execute arbitrary code" on some Galaxy phones running Android 9.0 and 10.0.

However, Jann Horn is more concerned with how Android can reduce the security problems caused by smartphone vendors adding unique code to the kernel. Jann Horn further added:

Android has reduced the security impact of such code by locking which processes can access device drivers. These device drivers are usually targeted at specific smartphone vendors.

Newer Android phones, for example, access hardware through dedicated helper processes in Android, collectively known as the hardware abstraction layer (HAL). But Jann Horn believes that the way smartphone vendors modify Linux kernel code will undermine those efforts.

Not only that, Jann Horn also said that mobile phone manufacturers should use the direct hardware access features that Linux already supports, rather than customizing Linux kernel code. At the same time, Jann Horn also pointed out that some of the customized features added by Samsung are unnecessary and will not affect the security of the device if they are removed.

According to Jann Horn, PROCA is intended to limit attackers who have been given read and write access to the kernel. But he believes Samsung can improve efficiency by directing engineering resources to prevent attackers from gaining such access in the first place.

Jann Horn explained:

In my opinion, kernel modifications for specific devices are best moved up to user-space drivers, where they can be performed in a more secure programming language and sandboxed without complicating newer kernel versions.

Lei Feng Net note: this article is compiled from ZDNet.
