We all know that Samsung makes an extra effort in strengthening the security of its smartphones with initiatives such as Knox. However, sometimes those extra efforts hurt more than they help. Now, Google has slammed the South Korean smartphone brand for making unnecessary changes to the Linux kernel code and exposing it to more security bugs.
According to Google Project Zero researcher Jann Horn, Samsung is creating more vulnerabilities by adding downstream custom drivers for direct hardware access to Android’s Linux kernel. These changes are implemented without being reviewed by upstream kernel developers. Horn found a similar mistake in the Android kernel of the Galaxy A50, and the unreviewed custom driver added security bugs related to memory corruption.
The bug affected the company’s PROCA (Process Authenticator) security subsystem. Samsung describes the bug as a moderate issue on its security website. It allows “possible arbitrary code execution” on some Galaxy smartphones running Android 9.0 and Android 10 operating systems. Google reported the bug to Samsung in November 2019, and the South Korean firm released a patch for the bug earlier this month.
The blogpost by Google Project Zero researcher is focussed on efforts in Android to reduce the security impact of brands adding unique code to the Linux kernel. Google is trying to lock down processes that have access to device drivers, but changes to the kernel made by brands like Samsung undermine those efforts.
It was suggested that smartphone makers utilize direct hardware access features that are already present in Linux rather than making changes to the kernel code. For example, PROCA is meant to stop an attacker who has already gained read and write access to the kernel, but Samsung could spend the engineering hours on preventing the attacker from getting that access in the first place.
He says that some of the custom features that Samsung and other OEMs add to the Linux kernel on their devices are “unnecessary” and they wouldn’t affect the devices even if they were removed.