The Complete Magazine on Open Source

Dirty Cow bug can root any of your Android devices

SHARE
/ 4027 2

Android vulnerability

Researchers have discovered a new way to root Android devices — the method leverages the nasty Linux kernel memory bug — that has emerged as Dirty Cow. This new way is believed to work on all versions of Android OS and hit a broad range of hardware, starting from smartphones to tablets.

Leveraging the Dirty Cow vulnerability opens a new way of unified rooting method for all Android versions. The flaw was first surfaced in Linux kernel in 2007 and is yet to be fixed across various open source platforms. Moreover, it is considered that the ease of exploiting Dirty Cow makes it one of the worst flaws that ever introduced to community platforms.

As reported by Ars Technica, independent security researcher David Manouchehri considers that for a someone who is familiar with Android filesystem, it is quite easy to use the new exploit and root any device since Android 1.0. The exploit was debuted in Linux kernel 2.6.22, while the first Android v1.0 was powered by Linux kernel 2.6.25.

Most of the devices have restricted tethering capabilities. However, by leveraging this particular exploit, users can gain access to the core parts of Android OS and bypass limitations.

A video released on YouTube demonstrates the passing ID and su commands on an unrooted device. Later the narrator in the video runs “moo” followed by the file containing exploit code to root the device instantly.

Although the exploit allows unauthenticated attackers to elevate control of Linux server, it gives new possibilities for Android developers to easily gain access to OS functionalities. Also, hackers might use the flaw to maliciously trigger root on devices.

That being said, Google is set to release a patch for Dirty Cow in November to maker the exploit harder for developers. The Linux community is also separately working to fill the loophole.