Vulnerability: Hackers attack LineageOS to break LineageOS infrastructure

Vulnerability in the platform allowed attackers to gain access to the LineageOS infrastructure. Although hackers had access to the servers, it is obvious that sensitive data was not stolen. The team is working on fixing vulnerabilities.

Vulnerability: Hackers attack on LineageOS to break LineageOS infrastructure

LineageOS is an Android-based mobile operating system that was then known as CyanogenMod. According to ZDNet, unknown hackers managed to infiltrate LineageOS infrastructure last night. However, the attack was discovered before the damage was done.

Sensitive data has not been stolen

According to the LineageOS team, sensitive data was not stolen. The keys that are used to sign the official versions are stored in other systems.

Attackers exploited the vulnerability in the open-source Salt environment. The software is used to manage servers in data centres or other internal networks. The two main security vulnerabilities that hackers can use to hijack Salt servers were released earlier this week. In some cases, the attackers managed to establish a back door.

Typically, salty servers should run behind a firewall and not allow requests from the Internet. However, this is not the case on many networks. A few days ago, fixes were made for two security vulnerabilities.

The LineageOS team immediately responded to the attack and temporarily removed all the servers affected by the attack from the network. Developers are currently working on fixing vulnerabilities so that such an attack is no longer carried out in the future. Who is behind the attack and what goals are being pursued is still completely unclear.

Hackers breach LineageOS infrastructure without any threat

Hackers gained access to the basic infrastructure of LineageOS, an Android-based mobile operating system used for smartphones, tablets and set-top boxes.

The invasion occurred last night, Saturday, at about 8 p.m. (the US Pacific coast), and was discovered before the attackers could do any harm, the LineageOS statement said less than three hours after the incident.

The LineageOS team said that the source code for the operating system was not affected, like any builds of the operating system that were suspended since April 30 due to an unrelated issue.
The signature keys used to authenticate the official OS distributions were also not affected, as these hosts were stored separately from the main LineageOS infrastructure.

LineageOS developers said that the hacking occurred after an attacker used an insecure vulnerability to disrupt the Salt installation.

Salt is the open-source platform provided by Saltstack, which is typically deployed and used to manage and automate servers inside data centres, configure cloud servers or internal networks.
Earlier this week, cybersecurity firm F-Secure revealed two major vulnerabilities in the Salt environment that can be used to install Salt installations.

0 Response to "Vulnerability: Hackers attack LineageOS to break LineageOS infrastructure "

Post a Comment

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel