Researchers Detected A New Attack Of Dirty Cow On Android Device
Posted: Dec 08, 2016
According to Trend Micro's latest report, security experts have recently detected a new vulnerability, Dirty Cow, in the Linux operating system. The flaw is in the Linux kernel and allows malicious code to be written into processes. It was discovered by Phil Oester and is tracked as CVE-2016-5195. The flaw allows a local, unprivileged attacker to escalate privileges by replacing existing setuid files. The name comes from the fact that it relies on a race condition in the kernel between the operation that writes to copy-on-write (COW) memory mappings and the one that clears that memory. It may also be used to escape containers.
Because the flaw is in the Linux kernel, it was expected to affect Android devices as well. It helps attackers gain root access on an affected device. Google has already patched it on Nexus and Pixel devices. All Android devices need to run the new security patch level update of 2016-11-06 to stay protected from the Dirty Cow attack. Trend Micro researchers reported a way for Dirty Cow to attack target devices that is completely different from other attacks and that allows malicious code to be written into processes. The experts also revealed that all Android devices are currently affected by this issue and that, after an attack, the actor behind it gains significant control over the affected devices.
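An added example, not part of the original article: a Python check that compares each device's reported security patch level with the 2016-11-06 level named above. It assumes the level was read from the ro.build.version.security_patch property (for instance with adb shell getprop) into serial,patch_level lines; the inventory below is constructed.

```python
"""Added example: flag Android devices below the 2016-11-06 security patch level."""
import re
from datetime import date

# Patch level the article names for protection against Dirty Cow (CVE-2016-5195).
REQUIRED_LEVEL = date(2016, 11, 6)

# Android reports the level as YYYY-MM-DD; older builds may not set it at all.
_LEVEL_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")


def classify(patch_level):
    """Return 'ok', 'outdated' or 'unknown' for one reported patch level string."""
    match = _LEVEL_RE.match((patch_level or "").strip())
    if not match:
        return "unknown"  # property missing or malformed: treat as unverified
    try:
        reported = date(*map(int, match.groups()))
    except ValueError:  # well-formed but impossible date, e.g. 2016-13-40
        return "unknown"
    return "ok" if reported >= REQUIRED_LEVEL else "outdated"


def audit(inventory_text):
    """Map device serial -> status from 'serial,patch_level' lines."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        serial, _, level = line.partition(",")
        results[serial.strip()] = classify(level)
    return results


# Constructed inventory; serials and values are made up for illustration.
SAMPLE_INVENTORY = """\
# serial,ro.build.version.security_patch
EXAMPLE-0001,2016-11-06
EXAMPLE-0002,2016-11-05
EXAMPLE-0003,2016-12-01
EXAMPLE-0004,
EXAMPLE-0005,2016-13-40
"""

if __name__ == "__main__":
    for serial, status in audit(SAMPLE_INVENTORY).items():
        print(f"{serial}: {status}")
```

Devices reported as unknown did not return a usable patch level and should be checked by hand rather than assumed patched.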
The experts' report says that once it is installed on your device, it can conceal your personal and confidential information and change your system settings (for example, it can collect your IP address and turn on Bluetooth and the hotspot). It can also secretly install an application on the device even though it is not installed from the Google Play Store. In its report, Trend Micro says that the Linux kernel maps an ELF executable into memory when it is run for the first time and uses this mapping again when the file is opened. By applying Dirty Cow to the executing ELF, the attacker can change the running process image.
This issue allows an attacker to alter any running process that is readable. If the process is not readable, the attack uses cat /proc/{pid}/maps to make it readable and, once the ELF has been loaded, dynamically replaces the ART (Android Runtime) process at the same time. Because the attacker can run a malicious application on the affected device, it can inject code and take control of all the processes. Google has been notified about Dirty Cow, and the issue was addressed in the November 2016 Android update, but that is not an effective solution to this flaw. Users should therefore be aware of these types of attacks.