It hasn’t been long since we heard of a zero-day vulnerability affecting numerous Android phones. Now, a researcher has leveraged this vulnerability to create an effective rooting app for Android. Named Qu1ckR00t, the app exploits that same zero-day to root just about any Android device.
Qu1ckR00t App Exploits Zero-Day To Root Any Android
As revealed through a recent blog post, a security researcher has released an Android rooting app online. This app, named Qu1ckR00t, effectively exploits the Android zero-day vulnerability reported earlier this month.
According to the researcher Grant Hernandez, the exploit effectively roots an Android device without requiring OEM unlock.
As explained in his blog post, successful exploitation required bypassing major Android security layers. These include Discretionary Access Control (DAC), Mandatory Access Control (MAC), Linux Capabilities (CAP), and SECCOMP.
To get a full root shell we’d need to bypass each layer of enforcement… On a modern Android system, this is a significant undertaking without a kernel vulnerability.
Triggering the vulnerability on its own does not get past these security checks; a further step is needed to bypass them. Hernandez therefore developed a comprehensive exploit that includes the security bypass as well.
With an app accessible kernel exploit, we have the ability to bypass or disable all of these with relative ease. For each task on a system, the Linux kernel keeps track of its state in the task_struct structure. This state happens to include security relevant details such as all of the user IDs, its SELinux context, what capabilities it has, if SECCOMP is enabled, and many others. If we are able to target a specific task_struct with our R/W primitive, we will be able to change these security sensitive values to what we please.
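The quote above describes the per-task security state the kernel keeps (user IDs, SELinux context, capabilities, seccomp mode), which is exactly the state an app integrity check can read back for its own process. The following program is an added example, not code from Hernandez's Qu1ckR00t or from the article: it parses the `Uid:`, `CapEff:` and `Seccomp:` lines of `/proc/<pid>/status`, which Linux exposes from that same task state, and flags a process whose credentials look like a full root shell (effective uid 0, `CAP_SYS_ADMIN` present, no seccomp filter). The two sample status texts are constructed for the example; the function and struct names are the example's own.

```c
/* Added example: inspect the credential state Linux keeps per task, as exposed
 * through /proc/<pid>/status, and flag a root-shell-like process. Not part of
 * Qu1ckR00t; names and sample texts below are the example's own. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_ADMIN_BIT 21   /* bit index of CAP_SYS_ADMIN in the capability mask */

struct task_sec {
    unsigned uid;              /* real uid (first field of the Uid: line)   */
    unsigned euid;             /* effective uid (second field)              */
    unsigned long long cap_eff;/* effective capability mask (CapEff:, hex)  */
    int seccomp;               /* Seccomp: 0 disabled, 1 strict, 2 filter   */
};

/* Parse the security-relevant lines out of /proc/<pid>/status text.
 * Returns 0 on success, -1 if any required line is missing. */
int parse_task_status(const char *text, struct task_sec *out)
{
    int have_uid = 0, have_cap = 0, have_seccomp = 0;
    const char *line = text;
    while (line && *line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[256];
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        if (strncmp(buf, "Uid:", 4) == 0) {
            if (sscanf(buf + 4, "%u %u", &out->uid, &out->euid) == 2) have_uid = 1;
        } else if (strncmp(buf, "CapEff:", 7) == 0) {
            if (sscanf(buf + 7, "%llx", &out->cap_eff) == 1) have_cap = 1;
        } else if (strncmp(buf, "Seccomp:", 8) == 0) {
            if (sscanf(buf + 8, "%d", &out->seccomp) == 1) have_seccomp = 1;
        }
        line = nl ? nl + 1 : NULL;
    }
    return (have_uid && have_cap && have_seccomp) ? 0 : -1;
}

/* 1 if the task has the credentials of a full root shell: euid 0, CAP_SYS_ADMIN
 * in the effective set and no seccomp filter; 0 otherwise. */
int looks_like_root_shell(const struct task_sec *t)
{
    int has_sys_admin = (int)((t->cap_eff >> CAP_SYS_ADMIN_BIT) & 1ULL);
    return (t->euid == 0 && has_sys_admin && t->seccomp == 0) ? 1 : 0;
}

/* Convenience wrapper: -1 = unparsable, 0 = ordinary process, 1 = root-like. */
int classify_status(const char *text)
{
    struct task_sec t;
    if (parse_task_status(text, &t) != 0) return -1;
    return looks_like_root_shell(&t);
}

/* Effective uid from status text, or -1 if it cannot be parsed. */
long task_effective_uid(const char *text)
{
    struct task_sec t;
    if (parse_task_status(text, &t) != 0) return -1;
    return (long)t.euid;
}

/* Constructed sample: what an untrusted Android app process normally shows
 * (uid in the app range, empty capability set, seccomp filter active). */
const char SAMPLE_APP_STATUS[] =
    "Name:\tcom.example.app\n"
    "Uid:\t10123\t10123\t10123\t10123\n"
    "Gid:\t10123\t10123\t10123\t10123\n"
    "CapEff:\t0000000000000000\n"
    "Seccomp:\t2\n";

/* Constructed sample: a process whose task state was rewritten to root. */
const char SAMPLE_ROOT_STATUS[] =
    "Name:\tsh\n"
    "Uid:\t0\t0\t0\t0\n"
    "Gid:\t0\t0\t0\t0\n"
    "CapEff:\t0000003fffffffff\n"
    "Seccomp:\t0\n";

int main(void)
{
    /* Classify the two constructed samples, then the running process itself. */
    printf("app sample : %d\n", classify_status(SAMPLE_APP_STATUS));
    printf("root sample: %d\n", classify_status(SAMPLE_ROOT_STATUS));
    FILE *f = fopen("/proc/self/status", "r");
    if (f) {
        char text[4096];
        size_t n = fread(text, 1, sizeof text - 1, f);
        text[n] = '\0';
        fclose(f);
        printf("this process: %d\n", classify_status(text));
    }
    return 0;
}
```

On an Android device the same check runs inside the app's own process, which is the only `/proc/<pid>/status` an unprivileged app can reliably read. A result of 1 for a process that was started as an ordinary app is a strong signal that its task state was modified outside the normal `setuid`/capability rules, which is the effect the quoted passage describes.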
In his PoC video, he demonstrated the exploitation of CVE-2019-2215 on his Google Pixel 2 device.
Rooting a Pixel 2 with Magisk from an untrusted app using CVE-2019-2215, no OEM unlock needed pic.twitter.com/yGovBluQj5
— Grant Hernandez (@Digital_Cold) October 9, 2019
He has also shared the code for Qu1ckR00t, a one-click rooting app, on GitHub.
Disclaimer And Exploit Limitations
The researcher has clarified that he only tested the exploit on his Pixel 2, although the app is highly likely to work for rooting other Android devices as well. He still warns users about the possible risks of using this app on personal devices, as it may lead to data loss or system crashes.
Also, Google has patched the vulnerability CVE-2019-2215 with the October update. Hence, this app will not work for devices running the patched Android versions.
Let us know your thoughts in the comments.