LineageOS: Hackers Breach Servers Of Most Popular Android Custom ROM


On Saturday, hackers broke into LineageOS servers via an unpatched vulnerability and took control of the main infrastructure.

LineageOS is one of the most popular custom ROMs and takes pride in delivering the latest Android updates to unsupported devices. Last month, the developers rolled out LineageOS 17.1 based on Android 10 with several unique features.

LineageOS has said the attack was detected before the crooks could do any harm to the source code. Soon after the attack, the team took down all its servers to patch the vulnerabilities.

According to LineageOS, the operating system, signing keys, and OS builds were unaffected. Thankfully, builds had already stopped rolling out before the attack due to unrelated issues.

How was LineageOS attacked?

Hackers exploited a vulnerability in the “SaltStack master” to gain access to the LineageOS infrastructure. According to ZDNet, two major vulnerabilities were recently discovered in the Salt framework, and they can be used to take over Salt installations.

LineageOS runs a Salt installation. Salt is open-source software used to manage and automate servers in cloud data centers.

According to the team behind Salt, both vulnerabilities can be used to bypass the login process and run malicious code on Salt master servers. The developers of the SaltStack Salt framework have asked users to update their builds as soon as possible.

LineageOS is still investigating the matter. Meanwhile, custom ROM users shouldn’t worry as hackers weren’t able to reach the source code.

Charanjeet Singh
