Skip to main content

Google calls out Samsung for ‘unnecessary’ changes to Android’s kernel

Avatar for Ben Schoon  | Feb 14 2020 - 8:32 am PT
0 Comments
samsung google logo

Being the biggest Android OEM, Samsung and Google are generally close partners. Google’s Project Zero, though, is tasked with finding bugs and security exploits. This week, Google is calling out Samsung for an issue on the Galaxy A50, specifically mentioning Samsung’s “unnecessary changes” to Android’s core kernel.

In a very detailed post, Google’s Jann Horn explains this concern with Samsung’s Android kernel on the Galaxy A50. Every Android device makes changes to Android’s Linux kernel in order to work properly, as device-specific changes are important, even necessary in a lot of cases. However, some of Samsung’s changes are apparently creating more vulnerabilities.

Horn says that Samsung’s changes are for creating direct hardware access to the kernel by adding downstream custom drivers. Those changes, though, aren’t being reviewed by upstream kernel developers. In English, Samsung is trying to fix things themselves instead of using more official sources. As a result, this allows for “possible arbitrary code execution” on devices running Android Pie or even Android 10.

One example of this was a bug on the Galaxy A50 which affected Samsung’s PROCA (Process Authenticator) security subsystem. Google first reported this issue to Samsung back in November and a patch was released by Samsung this month.

In this post, Google says that efforts have been made to “lock down” which processes have access to device drivers in order to prevent vulnerabilities. Apparently, device-specific kernel changes are a frequent source of vulnerabilities. When companies such as Samsung make changes to the kernel, though, it negates Google’s work.

Further, Google says that Samsung’s changes are “unnecessary” in the first place. For example, one of Samsung’s changes was a security measure to restrict an attacker that gained “arbitrary kernel read/write.” Google says this seems “futile” and that Samsung’s efforts would have been better spent preventing an attacker from even getting to that point. Horn says that, “ideally, all vendors should move towards using, and frequently applying updates from, supported upstream kernels.”

You can read the full post for more details on the Project Zero blog.

More on Samsung:

Add 9to5Google to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Google on YouTube for more news:

Comments

Guides

Android

Android

Breaking news for Android. Get the latest on app…
Google

Google

Stay up to date on news from Google headquarters…
Samsung project zero

Author

Avatar for Ben Schoon Ben Schoon

Ben is a Senior Editor for 9to5Google.

Find him on Twitter @NexusBen. Send tips to schoon@9to5g.com or encrypted to benschoon@protonmail.com.

Ben Schoon's favorite gear

Google Pixel Watch 2

Ben's smartwatch of choice with his phone is the Google Pixel Watch 2.

samsung galaxy s24 ultra

Reserve Galaxy S24

Reserve the Galaxy S24 series for free and get a $50 credit, no obligation required.