lineage os: open source Android mobile platform Lineage OS hacked

In another online rape incident, hackers illegally gained access to the Lineage OS open source smartphone operating system. The online intrusion was confirmed by the company. According to the company, the operating system was hacked last Saturday around 8pm on the US Pacific coast. USA He said that the hack was detected in time and that the attack did not harm the source code of the operating system. The compilations and signature keys also remain intact, he added.

The company provided information about the violation through a Twitter post. “At around 8 pm PST on May 2, 2020, an attacker used a CVE on our SaltStack master to gain access to our infrastructure … We can verify that: Signature keys are not affected … Buildings unaffected … Source code unaffected “read the company’s post on the microblogging site.

For the untrained, Lineage OS is a free and open source operating system based on
Android mobile platform. It is compatible with many devices, including smartphones, tablets, and decoders.

According to the lineage OS developers, the attackers used an unpatched vulnerability to violate their Salt installation. Salt is again an open source framework offered by Saltstack. It is typically deployed to manage and automate servers within data centers, cloud server configurations, or internal networks. Cyber ​​security firm F-Secure recently revealed two major vulnerabilities in the Salt framework. These include CVE-2020-11651, which is an authentication bypass, and CVE-2020-11652, a directory tour. Both vulnerabilities together could allow hackers to bypass login authentication and execute code to leave Salt Master’s servers exposed on the Internet, the cybersecurity company warned.

In particular, this is the second incident in which a major operating system has been exposed to online hacking attacks. In 2019, hackers attempted to violate Ubuntu.