Samsung modifies the Android kernel and makes it even more insecure

Recently, Samsung vulnerability testing specialists announced that they would implement a number of modifications to Android kernel code, in an attempt to prevent some common attack variants against users of Galaxy devices.

Despite these efforts, Google Project Zero experts revealed that these modifications ended up exposing the devices to more security issues. They have asked Samsung and other smart device manufacturers to rely on the security features the kernel already provides, because vendors have no control over the failures that such kernel modifications can introduce.

According to Jann Horn, a vulnerability testing specialist and member of Project Zero, this error (common among smart device developers) comes from adding code to the downstream Linux kernel that upstream kernel developers have not reviewed.

While these modifications are intended to improve device security, developers at manufacturer companies do not consider the failures that these small alterations could cause elsewhere in the system. In Samsung's case, the modifications introduced a memory corruption flaw in the security subsystem called Process Authenticator. This bug was reported to Google and fixed in the February update for Galaxy devices.

Galaxy updates for February also included security patches to fix a security flaw affecting devices with Trusted Execution Environment (TEE), an isolated security area on each device’s processor. It has not yet been determined whether there is a link between the modifications made by Samsung and the presence of this flaw.

In their report, Project Zero vulnerability testing specialists claim that most of Samsung’s kernel modifications are unnecessary and would not affect the operation of Galaxy devices if they were removed.

The International Institute of Cyber Security (IICS) notes that such kernel modifications would be better implemented if they were reworked or moved into user space, where they can be written in more secure programming languages or run in isolated environments, and where they would no longer complicate upgrades to later kernel versions.