There’s a new method for rooting Android devices that’s believed to work reliably on every version of the mobile operating system and a wide array of hardware. Individuals can use it to bypass limitations imposed by manufacturers or carriers, but it could also be snuck into apps for malicious purposes.
The technique comes courtesy of a Linux privilege-escalation bug that, as came to light last week, attackers are actively exploiting to hack Web servers and other machines. Dirty Cow, as some people are calling the vulnerability, was introduced into the core Linux kernel in 2007. It’s extremely easy to exploit, making it one of the worst privilege-elevation flaws ever to hit the open-source OS.
Independent security researcher David Manouchehri told Ars that this proof-of-concept code that exploits Dirty Cow on Android gets devices close to root. With a few additional lines, Manouchehri’s code provides persistent root access on all five of the Android devices he has tested.
Submitted by: Arnfried Walbrecht