Google: Samsung changes to Android kernel cause security vulnerabilities

Changes that Samsung has made to the kernel of its operating system for the Galaxy A50 smartphone have led to some security problems, claims Google. Google’s Project Zero team believes it’s better to leave the kernel unchanged.

One of the exploits is possible due to a security measure that Samsung has added to the kernel of its Galaxy A50 smartphone, claims Google Project Zero. “Linux kernel code has a lot of sharp edges. Changes to such a codebase, especially a fork without any control from people upstream keeping the code, can easily cause subtle problems, even if these changes are made for security measures.”

The researcher says it is better to have the code checked by the people who maintain the Linux kernel, or no longer put it in the kernel. “These changes would be better in userspace, where they could be written in more secure programming languages ​​or run in a sandbox. At the same time, that wouldn’t make updates to newer kernel releases more difficult either.”

Google has not previously spoken out against editing the Linux kernel by Android manufacturers. Project Zero found a vulnerability in Samsung’s Process Authenticator kernel feature, and it also turned out to be possible to still exploit an old kernel vulnerability because even a newer update ran an older kernel.