Samsung Galaxy S22 series, Pixel 6 affected by severe ‘Dirty Pipe’ vulnerability that lets hackers intercept WhatsApp messages, SMS and more

• The ‘Dirty Pipe’ vulnerability was initially noticed in the mainstream Linux kernel, and now, smartphones like the Galaxy S22 series and Pixel 6 have also been confirmed to be affected.
  
• This vulnerability allows hackers to gain complete system-level access and could allow hackers to steal money and intercept WhatsApp messages, among other things.
  
• It is not clear if Google has patched this vulnerability in its March security update.
  

Samsung Galaxy S22 series, Pixel 6 smartphones have been confirmed to be impacted by a severe security vulnerability called ‘Dirty Pipe’, allowing hackers and malicious parties to gain system-level access. The vulnerability is in the Linux kernel that is used by Android, and Google is yet to confirm a fix.

The bug was initially noticed in the mainstream Linux kernel, and since Android also uses the Linux kernel, newer devices running on the affected kernel version have inherited the ‘Dirty Pipe’ vulnerability, too.

Existing smartphones don’t usually get a major kernel update when they get a new Android update, so if your smartphone has received the Android 12 update, it is possible that you are not affected by this bug.

However, other smartphones which have launched with Android 12 out of the box could be impacted, although the names are not certain yet.

What is the ‘Dirty Pipe’ vulnerability?

The ‘Dirty Pipe’ vulnerability allows hackers and malicious third parties to gain system-level access and subsequently overwrite data in the read-only memory.

According to security researchers, hackers could use this vulnerability to gain full root access – that is, access system files and modify, delete, or overwrite them – apart from reading and manipulating app data.

Essentially, this could mean that hackers would not only be able to read WhatsApp messages, they could also manipulate them. They could intercept SMS, remotely control banking apps and steal money, apart from several other malicious things.

In a proof of concept developed by security researcher Max Kellerman, the vulnerability is present in the Pixel 6, the latest smartphone from Google.

Samsung’s latest flagship, the Galaxy S22 series, has also been confirmed as affected by Ars Technica’s Ron Amadeo.

Kellerman reported the ‘Dirty Pipe’ vulnerability to Google in February, and although the March security update has been rolled out, it is unclear if this vulnerability has been fixed as Google has not mentioned anything about it in the changelog.

Thankfully, if your smartphone has not been upgraded to Android 12, you don’t have to worry as this vulnerability affects only Android 12.

SEE ALSO:

Redmi Note 11 Pro, Redmi Note 11 Pro+ and Redmi Watch 2 Lite launched in India

Upcoming smartphones launching in India in March 2022

Carl Pei’s Nothing raises $70 million ahead of its March 23 event – rumoured Nothing smartphone could be officially announced