On Saturday, hackers broke into LineageOS servers via an unpatched vulnerability and took control of the main infrastructure.
LineageOS is one of the most popular custom ROMs and takes pride in delivering the latest Android updates to unsupported devices. Last month, the developers rolled out LineageOS 17.1 based on Android 10 with several unique features.
LineageOS has said the attack was detected before the crooks could do any harm to the source code. Soon after the attack, the team took down all its servers to patch the vulnerabilities.
Around 8PM PST on May 2nd, 2020 an attacker used a CVE in our saltstack master to gain access to our infrastructure.
We are able to verify that:
– Signing keys are unaffected.
– Builds are unaffected.
– Source code is unaffected.
See https://t.co/85fvp6Gj2h for more info.
— LineageOS (@LineageAndroid) May 3, 2020
As per LineageOS, the operating system, signing keys, and the OS builds were unaffected. Thankfully, the builds stopped rolling out before the attack due to unrelated issues.
How was LineageOS attacked?
Hackers exploited the vulnerability in the “Saltstack master” to gain access to the LineageOS infrastructure. Recently, two major vulnerabilities were discovered in the Salt framework, which can be used to take over Salt installations, according to ZDNet.
LineageOS uses Salt, open-source software for managing and automating servers in cloud data centers.
According to the team behind Salt, both vulnerabilities can be used to run malicious code on Salt master servers and bypass the login process. The developers of the SaltStack Salt framework have asked users to update their builds as soon as possible.
LineageOS is still investigating the matter. Meanwhile, custom ROM users shouldn’t worry as hackers weren’t able to reach the source code.