Security researchers found a new Linux escalation bug in Linux and Android. This bug, called Dirty Cow can root your Android phone without you being aware of it.
Rooting is a process where a person attains a state of special control or root access to their Android phone. It gives you administrative-like control and lets you do things on your phone that you otherwise couldn’t do. You can install special software, apps, or even delete pre-installed apps that carriers like to slip in. Rooting can also potentially open up your phone to a variety of dangers.
Google based Android on Linux, and open-source operating system for desktops and laptops. Because of this, Android is also open-source. This particular bug, nicknamed Dirty Cow (CVE-2016-5195) has been present in Android since 2007.
Researchers believe that Dirty Cow (copy-on-write) works on every version of Android, and a wide variety of hardware. It’s easy to exploit, which makes it one of the worst privilege escalation bugs in Android. David Manouchehri and independent security researcher told Ars Technica that he used code to get persistent root access on all five Android devices he tested.
“It’s very easy for someone who’s somewhat familiar with the Android filesystem,” said Manouchehri. “From what I can tell, in theory it should be able to root every device since Android 1.0. Android 1.0 started on [Linux] kernel [version] 2.6.25, and this exploit has been around since [Linux kernel version] 2.6.22.”
Another researcher who didn’t want to be named said he developed a separate rooting exploit based on Dirty Cow.
“We are using a rather unique route on it that we can use elsewhere in the future as well…I don’t want Google or anyone shutting down that route.”
The exploit itself isn’t a negative thing. An advanced user can use the bug to root their phone to have capabilities like tethering. But malicious apps can secretly root your phone to spy on users. And that’s just one example.
The original Dirty Cow lets hackers with only limited access to a Linux server to elevate their control over an Android device drastically. New exploits based on Dirty Cow can do even more.
“This is an ancient bug that was actually attempted to be fixed once (badly) by me eleven years ago in commit 4ceb5db9757a…but that was then undone due to problems on s390…”
According to the Android Security Bulletin, Google included a fix for CVE-2016-5195 in Android’s November security patch. This patch started rolling out November 6 and will gradually come to Nexus and Pixel phones.
So far, security researchers haven’t found any variations of the Dirty Cow bug. You can already find proof-of-concept code on GitHub, but it’s possible that Android anti-virus apps could detect this on your device. You don’t have to worry. For now.