Hackers Breach LineageOS Servers Through Unpatched Vulnerability

According to developers, Source Code, OS Builds, & Signing Keys Were Unaffected

LineageOS is a free and open-source, Android-based operating system used for smartphones, tablet computers, and set-top boxes. The hackers succeeded in exploiting the LineageOS servers through an unpatched vulnerability.

Reportedly, the hackers tried to interrupt the operating system on Saturday night, at about 8 pm (US Pacific coast). Luckily, the hackers were detected within 3 hours and were caught before they could damage the whole LineageOS server.

Work on the operating system had been on hold since April 30 due to some issues. According to the LineageOS team, the source code of the operating system was safe from the attackers because they failed to establish any link to the operating system.

LineageOS's signing keys, which are used to authenticate the official OS distributions, are stored on separate servers. The hackers also failed to harm these signing keys.

The LineageOS developers stated, “the hackers tried to breach the Salt installation of the LineageOS through the unpatched vulnerability.”

Salt is an open-source framework provided by SaltStack that is used to manage, automate, and deploy servers inside data centers, internal networks, and cloud server setups.

Reportedly, the cybersecurity company F-Secure discovered two vulnerabilities in Salt: CVE-2020-11651 (an authentication bypass) and CVE-2020-11652 (a directory traversal).

Together, the authentication-bypass and directory-traversal vulnerabilities allow attackers to bypass login procedures and gain access to the Salt server. Once the attackers gain access, they can run code on vulnerable Salt master servers that are exposed on the internet.

According to Salt server owners, attackers have in some cases planted backdoors on hacked servers. They had deployed:

  • Backdoors
  • Cryptocurrency miners

Description
On all my servers with salt-minion installed, an unknown program suddenly ran today.
It is /tmp/salt-minions

[[email protected] ~]# top

top - 10:06:44 up 511 days, 18:39, 3 users, load average: 2.01, 2.02, 1.91
Tasks: 193 total, 1 running, 192 sleeping, 0 stopped, 0 zombie
Cpu(s): 7.2%us, 18.3%sy, 0.0%ni, 74.1%id, 0.4%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 8060948k total, 7502768k used, 558180k free, 76316k buffers
Swap: 4194300k total, 437368k used, 3756932k free, 188012k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
2280 root 20 0 56.0g 541m 1588 S 101.1 6.9 345886:48 tp_core
27061 root 20 0 2797m 1848 1000 S 99.1 0.0 36:02.75 salt-minions

[[email protected] ~]# ps -ef |grep 27061 | grep -v grep
root 27061 1 89 09:26 ? 00:36:37 /tmp/salt-minions

salt-minion version 2018.3.2
sys:CentOS release 6.5 (Final)

Recently, more than 6,000 Salt servers were exploited through this unpatched vulnerability. Reportedly, the Salt team released a patch for the vulnerability earlier this week. For more security, Salt servers should be kept behind a firewall and should not be left unpatched.

This wasn’t the first time hackers attacked an operating system. Canonical’s GitHub account was also breached by hackers in July 2019; the Ubuntu source code was also unaffected.

The LineageOS team investigated the incident and patched all the vulnerable Salt servers to make them secure in the future.
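A triage check for the symptom in the report above, as an added example that is not part of the original article or the Salt project: it scans `ps -ef` output for binaries started from a temp directory or named to imitate a Salt daemon. The function names and all sample lines except the PID 27061 line (copied from the report) are constructed, and a match is only a lead for investigation, not proof of compromise.

```shell
#!/bin/sh
# Added example (not from the article): triage `ps -ef` output for the pattern
# in the report above. Function names are hypothetical.

# Constructed sample; only the PID 27061 line is copied from the report.
sample_ps() {
  cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:00 ?        00:00:03 /sbin/init
root      1432     1  0 09:01 ?        00:12:10 /usr/bin/python /usr/bin/salt-minion
root      1810     1  0 09:01 ?        00:00:01 /usr/sbin/sshd
root     27061     1 89 09:26 ?        00:36:37 /tmp/salt-minions
EOF
}

# Reads `ps -ef` lines on stdin and prints "PID REASONS COMMAND" per finding.
flag_suspicious() {
  awk '
    BEGIN {
      # Real Salt daemon and CLI names; any other "salt-*" name is a lookalike.
      known = "^salt-(minion|master|syndic|api|proxy|call|key|run|cp|ssh|cloud)$"
    }
    NR == 1 && $1 == "UID" { next }   # skip the ps header row
    {
      exe = $8                        # CMD column starts at field 8
      # When the command is an interpreter, judge the script it runs instead.
      if (exe ~ /(^|\/)(python[0-9.]*|sh|bash|perl)$/ && NF >= 9) exe = $9
      n = split(exe, parts, "/")
      base = parts[n]
      reason = ""
      # Binaries started from world-writable temp directories.
      if (exe ~ /^\/(tmp|var\/tmp|dev\/shm)\//) reason = "exec-from-tmp"
      if (base ~ /^salt-/ && base !~ known) {
        reason = (reason == "" ? "" : reason ",") "salt-lookalike"
      }
      if (reason != "") print $2, reason, exe
    }'
}

sample_ps | flag_suspicious
```

On a live host, pipe real output into it with `ps -ef | flag_suspicious`.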
