Technology

Google cries foul on samsung trying to add its own security features

Google cries foul on samsung trying to add its own security features
The blog post stated, “Unfortunately, it is more difficult to generically lock down the attack surface that is created when vendors modify core kernel functionality.”

Google’s security group Project Zero in a blog post has called out Samsung for making changes in the Android kernel. It stated that these changes leave Android devices more vulnerable to attacks. Apart from this, the team also stated that a number of smartphone manufacturers have been adding their own code to the Android kernel, which then opened up a door to hackers by exposing security flaws.

In the blog post, Samsung has been mentioned specifically for adding code to the Android kernel of its mid-range Galaxy A50 smartphone. Samsung had modified the kernel to add an extra security subsystem to track process identities (named PROCA short for Process Authenticator), which created a memory bug.

It stated that by combining several logic issues in this subsystem with a brittle code pattern, hackers can cause a possible memory unsafety.

The blog post stated, “Unfortunately, it is more difficult to generically lock down the attack surface that is created when vendors modify core kernel functionality.” Due to which it recommends that manufacturers should stop making changes to the Android core kernel.

Android 11 First Developer preview is here: How to get it on your Pixel phone

The company has since then issued a patch for the above bug, however, in the post, it is stated that the fix is “very unreliable.” He rather suggests that smartphone manufacturers should rely on Android’s built-in security features, instead, of trying to add their own features via the source code kernel.

Diwali Offers on Mobiles - Get Cashback Upto Rs. 3000 Bajaj finserv

Samsung has not responded to this statement as of now, but we expect the company to soon come out with a statement.

© IE Online Media Services Pvt Ltd