Samsung gets a ‘scolding’ from Google for tweaking Android codes and making Galaxy phones vulnerable

    Samsung tried to change the Android kernel code in order to improve the security but unfortunately, ended up exposing the handset to even more bugs, as per the Google Project Zero team.
    By HT CORRESPONDENT
    | Updated on Feb 18 2020, 08:49 PM IST
    A woman walks past the logo of Samsung Electronics at its showroom in Seoul.
    A woman walks past the logo of Samsung Electronics at its showroom in Seoul. (AFP)
    A woman walks past the logo of Samsung Electronics at its showroom in Seoul.
    A woman walks past the logo of Samsung Electronics at its showroom in Seoul. (AFP)

    It's a common practice for Android OMEs to tweak the kernel code of the software to customise it for their smartphones. Sometimes it is done to improve the security and sometimes to cater to the hardware-based features. Samsung tried to change the Android kernel code in order to improve the security but unfortunately, ended up exposing the handset to even more bugs, as per the Google Project Zero team.

    Also read: Looking for a smartphone? To check mobile finder click here.

    As mentioned by Jann Horn from the Project Zero team in a blog post, Samsung tried to add downstream custom drivers for direct hardware access to Google's Android Linux kernel. This was done in the kernel of the Galaxy A50 smartphone. The issue here was that Samsung added downstream custom drivers without putting it for review with the upstream kernel developers.

    "In other words, Samsung's protection mechanisms won't provide meaningful protection against malicious attackers trying to hack your phone, they only block straightforward rooting tools that haven't been customized for Samsung phones. My opinion is that such modifications are not worth the cost," said Horn in the blog post.

    Also read: Google fixes critical flaw in Android that let attackers gain access to your data using Bluetooth

    However, Horn added that what Samsung did was nothing new or uncommon as some other brands do it as well and in the process, make their devices more prone to attacks. In this case, Samsung's downstream drivers introduced a memory corruption bug that Google reported to the South Korean handset maker back in November last year. This is now being patched in Samsung's February update for Galaxy phones.

    Also mentioned is that the February patch also fixes a flaw in the 'TEEGRIS devices' wherein TEE means Trust Execution Environment and is found in newer Galaxy phones that feature the company's own TEE operating system. In case you didn't know, Samsung Galaxy S10 is one of the TEEGRIS devices.

    Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, and Instagram. For our latest videos, subscribe to our YouTube channel.

    First Published Date: 18 Feb, 08:14 PM IST
    Tags:
    NEXT ARTICLE BEGINS
    keep up with tech