Dirty Cow, a Linux kernel vulnerability discovered only a week ago can be potentially used to root any Android device released till date until a a security patch update to fix the Linux kernel bug is released.
Dirty Cow is a privilege-escalation bug that has been present on the Linux kernel code for about 9 years, but was discovered only now. And although it has been patched on the mainline Linux kernel, but the vulnerability is present on almost every modern operating system that is built on top of the Linux kernel.
The vulnerability is present on every Linux system that uses a Linux kernel version greater than 2.6.22, which means every Android version (from Android 1.0 to 7.1.1 Nougat) can be exploited using Dirty Cow vulnerability to get root access.
Developer Arinerron over at github has created a simple root.sh script using the Dirty Cow exploit which you can run on any Android device to get root access. The script creates a ‘run-as’ binary on the device that can execute packages as root. The script is not a permanent root solution, but shows how easy it’s to root Android devices with Dirty Cow exploit.
How to Root Android using Dirty Cow Exploit
- Get to a PC that runs on a Linux OS and has Android NDK installed.
- Download and unzip the root.zip file from the download link above. You’ll get a root.sh file.
- Enable Developer options and USB debugging on your Android device.
- Connect your device the Linux PC.
- Run the root.sh script file on the PC and it’ll install a ‘run-as’ binary on the device which you can use to execute packages with root access.
That’s all. We hope the folks over at xda or other Android communities fire up a quick tool that can properly root Android devices using the Dirty Cow exploit.