Every business, OS, device, and technology is under constant threat of attack. Beyond malware, there are other cybersecurity threats and network vulnerabilities that hackers can exploit to steal a company’s data. Unpatched vulnerabilities are the most significant risk for any business or OS. Therefore, to stay secure from such threats, we need to keep our systems updated.
Taking advantage of such vulnerabilities, hackers attacked LineageOS. The company confirmed the attack in a tweet and said it was detected before the hackers could do any harm.
What is LineageOS?
Officially launched on December 24, 2016, LineageOS, the successor of the custom ROM CyanogenMod, is a free and open-source operating system. The OS is based on the Google Android platform and is available for smartphones, set-top boxes, and tablets.
Development builds are available for 109 models, with more than 1.7 million active installs. Last month, developers released LineageOS 17.1, based on Android 10.
When did the breach take place?
In a tweet, the company admitted that a breach happened on Saturday night. However, it was detected in time, so no harm was found.
In addition, the operating system, OS builds, signing keys, etc. were unaffected.
What did the company say?
“Around 8PM PST on May 2nd, 2020 an attacker used common vulnerabilities and exposures (CVE) in our saltstack master to gain access to our infrastructure,” said the company.
Around 8PM PST on May 2nd, 2020 an attacker used a CVE in our saltstack master to gain access to our infrastructure.
We are able to verify that:
– Signing keys are unaffected.
– Builds are unaffected.
– Source code is unaffected.
See https://t.co/85fvp6Gj2h for more info.
— LineageOS (@LineageAndroid) May 3, 2020
“We are able to verify that: Signing keys are unaffected, Builds are unaffected, Source code is unaffected,” added LineageOS.
How did the hacking take place?
Hackers used unpatched vulnerabilities in Salt, an open-source framework provided by Saltstack, to break into LineageOS.
Salt is used to automate and manage servers inside cloud server setups, internal networks, or data centers.
Which two unpatched vulnerabilities were exploited?
The two unpatched vulnerabilities are:
CVE-2020-11651 (an authentication bypass)
CVE-2020-11652 (a directory traversal)
When these two are combined, they allow an attacker to bypass login procedures and run code on Salt master servers that are left exposed on the internet.
Currently, 6,000 Salt servers are left exposed online, and they can be exploited using these vulnerabilities if not patched.
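An added example, not from the original article or the Salt project: a Python check a defender could run over `salt-master --version` output and the master config to flag the condition described above, an unpatched master bound to a non-local interface. The fixed releases (2019.2.4 and 3000.2), the config keys with their default ports 4505/4506, and the sample inputs are not stated on this page and are labelled in the code.

```python
import ipaddress
import re

# Constructed sample inputs: `salt-master --version` output and a master config.
SAMPLE_VERSION = "salt-master 3000.1"
SAMPLE_CONF = """\
# interface: 127.0.0.1
interface: 0.0.0.0
publish_port: 4505
ret_port: 4506
"""

def parse_version(text):
    """Return the release as a tuple, e.g. 'salt-master 3000.1' -> (3000, 1)."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    return tuple(int(p) for p in m.group().split("."))

def is_patched(version):
    """Fixed in 2019.2.4 and 3000.2 (vendor advisory; not stated on the page)."""
    if version >= (3000,):
        return version >= (3000, 2)
    return version >= (2019, 2, 4)

def parse_conf(text):
    """Read flat 'key: value' lines, skipping comments; Salt defaults apply."""
    conf = {"interface": "0.0.0.0", "publish_port": "4505", "ret_port": "4506"}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip().strip("'\"")
    return conf

def audit(version_text, conf_text):
    """Return findings for a master that is unpatched and/or widely bound."""
    findings = []
    version = parse_version(version_text)
    if not is_patched(version):
        findings.append("unpatched: " + ".".join(map(str, version)))
    conf = parse_conf(conf_text)
    addr = ipaddress.ip_address(conf["interface"])
    if addr.is_unspecified or addr.is_global:
        findings.append("ports %s/%s bound to %s: restrict with firewall"
                        % (conf["publish_port"], conf["ret_port"], addr))
    return findings

print(audit(SAMPLE_VERSION, SAMPLE_CONF))
```

A wide bind is only a prompt to check firewall rules; whether the ports are actually reachable from the internet has to be confirmed from outside the network.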
Why target LineageOS?
Since this open-source OS extends both the lifespan and functionality of mobile devices, more than 20 different manufacturers are connected to its open-source community. Looking at this, hackers targeted LineageOS.
These attackers not only planted backdoors on hacked servers but also deployed cryptocurrency miners.
All this makes this attack the second major operating system hack. Completely stopping these attacks is not possible; therefore, we need to pay attention to everything that surrounds us.
After knowing how sophisticated hackers have become, I am starting to worry if we are safe or not. Do you have the same question in mind? If yes, what do you do to pacify your mind and stay safe? Please share your experience.