Dirty Pipe Exploit

Using and Android phone? Watch out for a “Dirty Pipe” exploit!

Thursday 12 May, 2022

Exploits that attack Android phones are nothing new, as is the route that the majority of these attacks use; Apps. 

So, it will come as no great surprise that another exploit has recently been discovered. This exploit affects the likes of Google’s Pixel 6 and the Samsung Galaxy S22 mobile phones, along with those using Android 12 OS. 

The latest attack is politely known as a “Dirty Pipe” exploit. This form of attack originates from an infected App. Once downloaded, the app has the opportunity to affect the phone by either changing the actual content of a file you are using or, and even more worryingly, it can potentially give the hacker complete control of your mobile phone. 

How does the Dirty Pipe exploit work?

Naturally, the exact description of how the Dirty Pipe attack works is complex to explain, as it refers to intricacies of Linux programming. However, there is a simpler way to understand the exploit concept.  

The idea of a Dirty Pipe refers to the concept of Linux pipes. These pipes are designed to allow the passing of data between an app or process to another via “pages,” small lumps of your RAM. 

Essentially, it’s feasible for an application to influence the Linux pipes in such a way to make it possible for the app to introduce its own data into a page of memory.

This injection of the app’s own information is the factor that allows the hacker to gain control of the mobile phone i.e. creating a Dirty Pipe. 

What can I do about it?

Firstly, you need to check if your mobile phone was released as an Android 12 or above. It appears that mobile phones older than this do not appear to be affected. 

Secondly, if you do have a mobile that has the potential to be affected, you will need to check if there are any Android patches released that will fix the issue. 

Thirdly, it would be recommended that you do not download any additional apps until there has been a software patch to fix the exploit.

The secure alternative mobile phone 

It is clear that mobile phones are at continued risk to data privacy and security. Third party apps are, again, often the source of hackers being able to gain access to personal information or even taking complete control of the handset itself. 

The alternative to a retail purchase of a “normal” mobile phone is to switch to a product that is significantly more secure. This is where the Blackphone PRIVY 2.0 comes in to its own. 

The Blackphone PRIVY 2.0 has been specially developed to include military grade security features to fully protect communications and stored data. Couple this with the selective use of trusted apps, the opportunity for hackers to exploit handset or OS vulnerabilities has been removed. 

These security and privacy features include:

  • Zero attack surface
  • Verified boot
  • Secure dual OS
  • Trusted updates

If the privacy of your personal data and the security of your files is important to you, either for business or as an individual, then switching to the Blackphone PRIVY 2.0 will be an important step in achieving that safety. 

Simply give one of our team a call and they will happily discuss how the Blackphone PRIVY 2.0 can help you.

The Latest in Mobile Security & Encryption...

App privacy and security rules could be changing

Thursday 30 June, 2022

The risks and threats that are posed by downloading apps from official App Stores as well has third party operators shouldn’t be underestimated.

Spyware is going commercial

Monday 13 June, 2022

Growing numbers of businesses offering cost effective spyware significantly increases risks of attack. Are you at risk?

RTB – Little known tracking that’s selling your privacy

Friday 10 June, 2022

What is RTB? RTB stands for Real Time Bidding and is, essentially, a massive privacy and data breach on a global scale.

Enquire

Looking to buy the new Blackphone PRIVY 2.0? Please buy online here

Buy Blackphone PRIVY 2.0

If you would like more information on the Blackphone PRIVY 2.0 please complete this form and our sales team will be in touch.