SamMobile has affiliate and sponsored partnerships. If you buy something through one of these links, we may earn a commission.

News For You
News For You
Notifications

Google slams Samsung for making unnecessary changes to Linux kernel code

Phone
By 

Last updated: February 14th, 2020 at 08:08 UTC+01:00

We all know that Samsung makes an extra effort in strengthening the security of its smartphones with initiatives such as Knox. However, sometimes those extra efforts hurt more than they help. Now, Google has slammed the South Korean smartphone brand for making unnecessary changes to the Linux kernel code and exposing it to more security bugs.

According to Google Project Zero researcher Jann Horn, Samsung is creating more vulnerabilities by adding downstream custom drivers for direct hardware access to Android's Linux kernel. These changes are implemented without being reviewed by upstream kernel developers. Horn found a similar mistake in the Android kernel of the Galaxy A50, and the unreviewed custom driver added security bugs related to memory corruption.

The bug affected the company's PROCA (Process Authenticator) security subsystem. Samsung describes the bug as a moderate issue on its security website. It allows “possible arbitrary code execution” on some Galaxy smartphones running Android 9.0 and Android 10 operating systems. Google reported the bug to Samsung in November 2019, and the South Korean firm released a patch for the bug earlier this month.

The blogpost by Google Project Zero researcher is focussed on efforts in Android to reduce the security impact of brands adding unique code to the Linux kernel. Google is trying to lock down processes that have access to device drivers, but changes to the kernel made by brands like Samsung undermine those efforts.

It was suggested that smartphone makers utilize direct hardware access features that are already present in Linux rather than making changes to the kernel code. For example, PROCA is meant to stop an attacker who has already gained read and write access to the kernel, but Samsung could spend the engineering hours on preventing the attacker from getting that access in the first place.

He says that some of the custom features that Samsung and other OEMs add to the Linux kernel on their devices are “unnecessary” and they wouldn't affect the devices even if they were removed.

Source Phone Galaxy A50
Galaxy AI summarized

Scroll for more related content
News For You

You might also like

Galaxy S10 and Galaxy A50 will no longer get software updates

Galaxy S10 and Galaxy A50 will no longer get software updates

Four years after the launch of the Galaxy A50 and the Galaxy S10 series, Samsung has decided to discontinue software update support for them. This sad news was first spotted by our friends at GalaxyClub earlier today when Samsung released the details surrounding the April 2023 security patch. Samsung has stopped releasing software updates to […]

  • By Asif Iqbal Shaik
  • 2 years ago
Samsung pushes January 2023 security update to Galaxy A50

Samsung pushes January 2023 security update to Galaxy A50

The Galaxy A50 is eligible for quarterly security updates, and today, Samsung is rolling out this quarter’s security update to the phone. The latest update brings the January 2023 security patch, and it is currently rolling out to the phone’s variant that’s sold in Latin America (SM-A505G). The new firmware comes with version A505GUBS9CWA2 and […]

  • By Asif Iqbal Shaik
  • 2 years ago
Galaxy A50 gets the October 2022 security update around the world

Galaxy A50 gets the October 2022 security update around the world

Although the Galaxy A50 got demoted from monthly security updates in April 2022, it's now time for this 2019 mid-range phone to have its security level upgraded again. Samsung is rolling out the October 2022 security patch for the Galaxy A50, and as of now, the update is available in multiple regions. The October 2022 […]

  • By Mihai Matei
  • 2 years ago
Galaxy S10 and A50 users, say bye bye to monthly security updates

Galaxy S10 and A50 users, say bye bye to monthly security updates

Samsung has demoted the long-lasting Galaxy S10 series from monthly security updates to quarterly releases. From now on, the Galaxy S10e, Galaxy S10, and Galaxy S10+ will receive new security patches every three months instead of every month. The same is true for the mid-range Galaxy A50. The Galaxy S10 lineup was released in March […]

  • By Mihai Matei
  • 3 years ago
Galaxy A53 vs Galaxy A50: Get ready to open your wallet

Galaxy A53 vs Galaxy A50: Get ready to open your wallet

The Galaxy A53, which was unveiled earlier today, is the successor to last year's Galaxy A52. But not all Galaxy A52 owners would be interested in upgrading to the new device. If you're currently using the Galaxy A50 or the Galaxy A51, the Galaxy A53 would be an excellent upgrade for your smartphone. Let's find […]

  • By Asif Iqbal Shaik
  • 3 years ago
Carrier-locked Galaxy A50 gets December 2021 security update in the US

Carrier-locked Galaxy A50 gets December 2021 security update in the US

Two weeks ago, Samsung started rolling out the December 2021 security update to the Galaxy A50. Over the next few days, the update reached more markets worldwide. Now, the carrier-locked variant of the smartphone has started getting the latest security patch in the US. The latest software update for the US carrier-locked variant of the […]

  • By Asif Iqbal Shaik
  • 3 years ago