Google asks Samsung to stop making Android vulnerable with its own changes
According to Google, the Korean giant Samsung is playing "sorcerer's apprentice" with the security of its operating system, Android.
Through its group of computer security researchers, Google Project Zero, the US giant has pointed to some of Samsung's practices that increasingly expose the world's most widely used operating system through the Korean brand's smartphones. For Google's specialists, Samsung and other technology manufacturers tend to add features that undermine the firm's effort to make Android safer.
Google's Project Zero team has highlighted Samsung's modifications on Galaxy phones, which have only resulted in exposing these smartphones to more and more bugs. Having tolerated this kind of practice for years, due in large part to the open-source character of Android, Google this time wanted to highlight the fact that manufacturers of smartphones and other devices running its operating system make it even more vulnerable to computer attacks by increasingly customizing Android's Linux kernel to add features that are often not necessary. This opinion was clearly set out by Jann Horn, a Project Zero researcher, who discovered this kind of problematic change in the Android kernel of Samsung's Galaxy A50 models.
Unfortunately, this kind of practice is common among manufacturers and suppliers of digital devices, especially smartphones. In most cases the intentions are good, namely to increase the security of their products. The fact remains that this kind of action tends to multiply the vulnerabilities present in the system of these smartphones. Recall that in November 2019, Google reported to Samsung a security flaw present in the memory of several Samsung Galaxy models, following an attempt to enhance the security of Android's Linux kernel. The bug was resolved only this month through an update. "The problem affects Samsung's additional security subsystem called PROCA or Process Authenticator.
Samsung describes the bug, SVE-2019-16132, as a moderate issue consisting of use-after-free and double-free vulnerabilities within PROCA that allow for 'possible arbitrary code execution' on some Galaxy devices running Android 9.0 and 10.0," explained Horn, Project Zero's security researcher. According to him, Android provides a number of ways to ensure that vendors can make better use of the system without overdoing it where security is concerned. The aim is to keep them from making additions that may render all this work useless. "Android reduces the impact of this type of code on security by blocking processes that have access to device drivers, which are often specific to the provider."
Finally, Horn believes that Samsung's changes are unnecessary. They therefore need to stop as soon as possible, or Samsung should work upstream with Google: "I think the device-specific core changes would be better integrated either upstream or moved to user space drivers, where they can be implemented in safer programming languages and/or a sandbox. In this way, they will not complicate updates to new versions of the kernel."