Just last week, Google pushed a much-needed security update for its Android operating system. The update fixed 15 dangerous vulnerabilities but left one of the most serious security holes wide open. The remaining weakness has been dubbed Dirty COW, and if not patched soon, it could allow millions of Android devices to fall victim to dangerous exploits.
What Is Dirty COW?
Perhaps surprising to most, the Android operating system uses a Linux kernel as its core. On one hand, this makes Android incredibly safe and stable; open-source and relatively uncommon, Linux rarely suffers from the same insecurities as more popular operating systems, such as Windows or iOS. On the other hand, it means Android suffers from the same vulnerabilities as other Linux-based systems, and this unfortunately includes Dirty COW.
COW stands for copy-on-write, which is also frequently called implicit sharing or shadowing. With this programming technique, a modifiable resource is shared until someone modifies it, and only then is it duplicated, so unmodified resources are never copied needlessly. Ultimately, copy-on-write helps programs remain small by ensuring only a small number of resource copies are made.
In the Linux kernel, the COW implementation has a devastating flaw. Dubbed CVE-2016-5195, or Dirty COW, the condition allows unprivileged local users to gain write access to read-only memory. This is called a privilege escalation vulnerability, which is dramatically less common than typical code execution vulnerabilities. Still, privilege escalation vulnerabilities can be exceedingly dangerous, especially since an exploit has already been found in the wild.
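An added example, not from the original article, of the copy-on-write guarantee that Dirty COW breaks: a write through a private memory mapping must land in the caller's own copy and never reach the underlying file. The scratch file path, the sample content and the function name are constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample content standing in for data the caller must not alter. */
static const char ORIGINAL[] = "read-only system data";

/* Returns 1 if a write through a private mapping changed only the caller's
 * copy and left the file untouched, 0 if not, -1 on a setup error. */
int cow_keeps_file_intact(void)
{
    char path[] = "/tmp/cow_demo_XXXXXX";    /* hypothetical scratch file */
    char on_disk[sizeof ORIGINAL] = {0};
    char *map;
    int result = -1;

    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                             /* file vanishes when fd closes */

    if (write(fd, ORIGINAL, sizeof ORIGINAL) != (ssize_t)sizeof ORIGINAL)
        goto out;

    /* MAP_PRIVATE requests copy-on-write: the page is shared with the file
     * until the first write, which must go to a private copy. */
    map = mmap(NULL, sizeof ORIGINAL, PROT_READ | PROT_WRITE,
               MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED)
        goto out;

    memcpy(map, "MODIFIED", 8);               /* triggers the page copy */

    /* Re-read the file itself, bypassing the mapping. */
    if (pread(fd, on_disk, sizeof ORIGINAL, 0) == (ssize_t)sizeof ORIGINAL) {
        int file_same = memcmp(on_disk, ORIGINAL, sizeof ORIGINAL) == 0;
        int copy_changed = memcmp(map, "MODIFIED", 8) == 0;
        result = file_same && copy_changed;
    }
    munmap(map, sizeof ORIGINAL);
out:
    close(fd);
    return result;
}

int main(void)
{
    printf("file intact after private write: %d\n", cow_keeps_file_intact());
    return 0;
}
```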
More or less, Dirty COW allows users to elevate their privileges, eventually gaining administrative authority and perhaps making changes to the operating system’s kernel. To some Android users, this vulnerability might actually be a blessing, allowing them to add features that device manufacturers and carriers deny, similar to jailbreaking. However, an open door can let in criminals as well as friends, and with the right virus, Android devices could easily be overtaken by those with malicious intent.
The in-the-wild exploit that is bringing Dirty COW to the forefront was discovered by a Linux security expert in October 2016. Found using an HTTP packet capture, the exploit is easy to execute and never fails. Some experts believe the exploit has been around for years ― perhaps as long as the vulnerability itself. The fact is that Dirty COW isn’t particularly new. Though security experts only recently discovered the exploit, it seems that the Linux kernel has contained the flaw for nearly nine years. One study found that bugs in Linux-based systems tend to have a longevity of about five years, so Dirty COW is particularly devious. Knowing this ― and recognizing the growing interest in mobile cyberattacks ― all mobile device users should download reliable security apps for Android and stay current on system updates to keep their information safe.
Why Isn’t Dirty COW Fixed?
Other systems using the Linux kernel have been safe almost since the vulnerability was discovered because the code fix was relatively trivial to implement. However, most Android devices remain susceptible to the exploit, and no Android updates have successfully addressed the flaw.
Unfortunately, it is impossible to determine whether an Android device has fallen victim to exploitation. Because the nature of the attack is complex, few antivirus systems will inherently be able to differentiate between legitimate and malicious use. Still, some cybersecurity providers are updating their software to detect ― if not block ― Dirty COW attacks.
Though Google’s Android security updates have failed to address Dirty COW, phone manufacturers aren’t leaving their users completely defenseless. Alongside the November update, Google released firmware fixes for its Nexus and Pixel phones and tablets, and Samsung released patches for its devices. Due to the increasing fame of the vulnerability, Android security experts are working to release an official, all-encompassing Android patch sometime in December.
Dirty COW is not the first privilege escalation vulnerability, though it might be the largest and longest-lived flaw for Android devices. Ultimately, it was a human mistake that allowed the commonplace COW technique to become a liability. Still, the cybersecurity community grows stronger every day, and such simple errors are found and fixed faster than ever. If nothing else, Dirty COW is a reminder to keep all software updated and regularly search for supplemental patches ― especially on newer devices like those using Android operating systems.
About the author
Jackie is a content coordinator and contributor who creates quality articles on topics like technology, home life, and education. She studied business management and is continually building positive relationships with other publishers and the internet community.