At this time when many people are at home, we can expect online activities to increase. Don’t be surprised if your internet connection is unusually slow. People are using the bandwidth without control more than ever. This quarantine season too means hackers have more time in their hands and are able to target more people. LineageOS has been the latest victim as some hackers were able to access its core infrastructure. The mobile OS which is used for tablets, smartphones, and set-top boxes is based on Android.
It’s not all bad because even before the hackers could do something bad to LineageOS, the devs behind it were able to detect and stop the intrusion. The LineageOS team quickly informed the people of the possible breach by sending out an official statement.
The source code of the OS was not affected. Even the operating system builds were not touched because they’ve been paused since April 30. Signing keys were unaffected. So how did the hack begin? It started with the use of unpatched vulnerability. This breaches the Salt installation.
The open-source Salt framework is already known for managing and automating servers inside data centers, internal networks, and cloud server setups. The Salt framework isn’t that perfect so we can expect some issues.
Salt recently saw two major vulnerabilities: CVE-2020-11651 and CVE-2020-11652. These two don’t need authentication but when the two are combined, the could probably allow hackers to bypass login.
The LineageOS devs said there is nothing to worry about. A patch has been released already so nothing will be exposed.