Google has recently condemned Samsung for altering the Linux kernel codes in its Android platform to make the devices even more secure.
According to the Google Zero Project team, several smartphone manufacturers have toyed with the android platform just to make the devices more secure. But in this quest, they have left the devices to even more exposure to security threats.
Altering the DNA of the Linux kernel codes on open-source software is something that is not advisable and Samsung has done it just to create modified and highly secured mobile phones.
However, this step by Samsung has been strongly slammed by Google as it would risk the smartphones of several million users.
The step by Samsung to make mobile phones was for the betterment of mobile devices, but the approach was really naive.
Altering the DNA of the OS would Create Vulnerabilities
Zurich based, Jann Horn, who is only 22 years old works as a security researcher with Google Project Zero team, discovered several flaws at once with a minute alteration in the Android DNA.
Jann also quoted one example of Samsung Galaxy A50 where a slight change while making the custom drivers, opened a gateway to direct access to the kernel. While this was meant to increase the security of the device, the alteration created a bug that corrupted the device’s memory.
Out of the blue Samsung addressed this memory issue as a simple problem that consisted of free and double use vulnerabilities on the devices that ran on Android 9 Pie. This has affected the company’s Process Authentication security subsystem. This issue was addressed with a bug fix in February, later.
Jann Horn also adds that these device-specific Linux kernel changes in the DNA of an OS are a source of vulnerabilities and he calls them ‘unnecessary’. This denies Google’s ability to secure the OS.
Samsung defended itself by saying that one of the changes in a device was only to restrict a hacker who got access to obtain the ‘arbitrary read and write’ file of the Kernel. Jann argued that the hacker could not have reached this point if engineering resources were better utilized.
“Ideally, all the providers should move towards frequent use and application of upgrades of the supported upstream cores.”, Jann Horn concluded with an appeal.
Altering the Linux kernel codes of smartphones would definitely leave them exposed to security threats such as virus attacks, hacker attacks, remote hacking and what not!
Google has rightly disagreed upon this naive step by Samsung to make the devices even more secure.