scorecardresearch
Thursday, Mar 28, 2024
Advertisement

Google pulls up Samsung for tweaking android

In the blog post, Samsung has been mentioned specifically for adding code to the Android kernel of its mid-range Galaxy A50 smartphone.

Google, Android, Android vulnerability, Samsung, Samsung Galaxy A50, Samsung Galaxy A50 Android, Samsung Android kernel The blog post stated, “Unfortunately, it is more difficult to generically lock down the attack surface that is created when vendors modify core kernel functionality.”

Google’s security group Project Zero in a blog post has called out Samsung for making changes in the Android kernel. It stated that these changes leave Android devices more vulnerable to attacks. Apart from this, the team also stated that a number of smartphone manufacturers have been adding their own code to the Android kernel, which then opened up a door to hackers by exposing security flaws.

In the blog post, Samsung has been mentioned specifically for adding code to the Android kernel of its mid-range Galaxy A50 smartphone. Samsung had modified the kernel to add an extra security subsystem to track process identities (named PROCA short for Process Authenticator), which created a memory bug.

It stated that by combining several logic issues in this subsystem with a brittle code pattern, hackers can cause a possible memory unsafety.

Advertisement

Express Tech is now on Telegram. Click here to join our channel (@expresstechie) and stay updated with the latest tech news

The blog post stated, “Unfortunately, it is more difficult to generically lock down the attack surface that is created when vendors modify core kernel functionality.” Due to which it recommends that manufacturers should stop making changes to the Android core kernel.

Festive offer

Android 11 First Developer preview is here: How to get it on your Pixel phone

The company has since then issued a patch for the above bug, however, in the post, it is stated that the fix is “very unreliable.” He rather suggests that smartphone manufacturers should rely on Android’s built-in security features, instead, of trying to add their own features via the source code kernel.

Advertisement

Samsung has not responded to this statement as of now, but we expect the company to soon come out with a statement.


 

First uploaded on: 21-02-2020 at 20:39 IST
Latest Comment
Post Comment
Read Comments
Advertisement
Advertisement
Advertisement
Advertisement
close