SamMobile has affiliate and sponsored partnerships. If you buy something through one of these links, we may earn a commission. Learn more.

Google slams Samsung for making unnecessary changes to Linux kernel code

Phone
By 

Last updated: February 14th, 2020 at 08:08 UTC+02:00

We all know that Samsung makes an extra effort in strengthening the security of its smartphones with initiatives such as Knox. However, sometimes those extra efforts hurt more than they help. Now, Google has slammed the South Korean smartphone brand for making unnecessary changes to the Linux kernel code and exposing it to more security bugs.

According to Google Project Zero researcher Jann Horn, Samsung is creating more vulnerabilities by adding downstream custom drivers for direct hardware access to Android’s Linux kernel. These changes are implemented without being reviewed by upstream kernel developers. Horn found a similar mistake in the Android kernel of the Galaxy A50, and the unreviewed custom driver added security bugs related to memory corruption.

The bug affected the company’s PROCA (Process Authenticator) security subsystem. Samsung describes the bug as a moderate issue on its security website. It allows “possible arbitrary code execution” on some Galaxy smartphones running Android 9.0 and Android 10 operating systems. Google reported the bug to Samsung in November 2019, and the South Korean firm released a patch for the bug earlier this month.

The blogpost by Google Project Zero researcher is focussed on efforts in Android to reduce the security impact of brands adding unique code to the Linux kernel. Google is trying to lock down processes that have access to device drivers, but changes to the kernel made by brands like Samsung undermine those efforts.

It was suggested that smartphone makers utilize direct hardware access features that are already present in Linux rather than making changes to the kernel code. For example, PROCA is meant to stop an attacker who has already gained read and write access to the kernel, but Samsung could spend the engineering hours on preventing the attacker from getting that access in the first place.

He says that some of the custom features that Samsung and other OEMs add to the Linux kernel on their devices are “unnecessary” and they wouldn’t affect the devices even if they were removed.

Source Phone Galaxy A50
Load 2 comments

You might also like

Galaxy S10 and A50 users, say bye bye to monthly security updates

Samsung has demoted the long-lasting Galaxy S10 series from monthly security updates to quarterly releases. From now on, the Galaxy S10e, Galaxy S10, and Galaxy S10+ will receive new security patches every three months instead of every month. The same is true for the mid-range Galaxy A50. The Galaxy S10 lineup was released in March […]

  • By Mihai Matei
  • 5 months ago

Galaxy A53 vs Galaxy A50: Get ready to open your wallet

The Galaxy A53, which was unveiled earlier today, is the successor to last year’s Galaxy A52. But not all Galaxy A52 owners would be interested in upgrading to the new device. If you’re currently using the Galaxy A50 or the Galaxy A51, the Galaxy A53 would be an excellent upgrade for your smartphone. Let’s find […]

  • By Asif Iqbal Shaik
  • 5 months ago

Carrier-locked Galaxy A50 gets December 2021 security update in the US

Two weeks ago, Samsung started rolling out the December 2021 security update to the Galaxy A50. Over the next few days, the update reached more markets worldwide. Now, the carrier-locked variant of the smartphone has started getting the latest security patch in the US. The latest software update for the US carrier-locked variant of the […]

  • By Asif Iqbal Shaik
  • 8 months ago

Galaxy A50 gets December 2021 security update in more markets

After releasing the December 2021 security update to its high-end smartphones, Samsung released it to the Galaxy A50. Now, the company has released the update to in more markets, including Asia, Canada, and Latin America. The latest update for the Galaxy A50 comes with the following firmware versions: A505FDDS9CUK3: Cambodia, Malaysia, and Vietnam A505GUBS9CUL1: Argentina, […]

  • By Asif Iqbal Shaik
  • 8 months ago

It’s no Android 12, but the Galaxy A50 did just get the latest security update

The Galaxy A50 didn’t make the cut when Samsung was designing its new OS upgrade policy, which promises three major Android updates to many of its mid-range phones and all of its flagship devices launched post-2019. But the company continues to release new security updates for the Galaxy A50 pretty regularly, and another one has […]

  • By Abhijeet Mishra
  • 8 months ago

Galaxy A50 starts getting November 2021 security update in multiple regions

Samsung has released the November 2021 security update to the Galaxy A50 in various countries around the world. The new security patch was released to the Galaxy A52 and the Galaxy A52s 5G earlier this week. Most other high-end smartphones from the company received the update earlier this month. The new software update for the […]

  • By Asif Iqbal Shaik
  • 9 months ago