Hackers Breach LineageOS Servers Via Unpatched Vulnerability

An anonymous reader writes: Hackers have gained access to the core infrastructure of LineageOS, a mobile operating system based on Android, used for smartphones, tablets, and set-top boxes. The intrusion took place on Saturday night at around 8 pm (US Pacific coast), and was detected before the attackers could do any harm, the LineageOS team said in a statement published less than three hours after the incident. The LineageOS team said the operating system's source code was unaffected, and so were any operating system builds, which had been already paused since April 30, because of an unrelated issue. Signing keys, used to authenticate official OS distributions, were also unaffected, as these hosts were stored separately from the LineageOS main infrastructure. LineageOS developers said the hack took place after the attacker used an unpatched vulnerability to breach its Salt installation.

SaltStack

[phantomfive]

SaltStack is written in Python, but it can still have vulnerabilities. This is one of those security issues that should never affect you: Salt should not be world accessible. Learn how to set up a firewall and VPN, and you will literally never have a problem with this.

Re:SaltStack

[kwalker]

Except now so many things run in AWS that if you don't allow the AWS networks to talk to your Salt Master, you can't manage them and you lose out on all the things you were doing with Salt anyway.

A VPN will only protect you until it turns up with a 0-day too.

Re:

[phantomfive]

Except now so many things run in AWS that if you don't allow the AWS networks to talk to your Salt Master, you can't manage them and you lose out on all the things you were doing with Salt anyway.

If you can't set up Salt in a secure way, then don't use it. There are plenty of options for AWS config that can be set up securely.

Re:

[ahodgson]

VPC security rules are a thing.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[rizwanali10486]

Hello https://calendrier2020.me/ [calendrier2020.me]

11AM China standard time

[cyberspittle]

Sounds like government sponsored attack. If you can become part of food chain at high level, you are in control. Like owning Zoom certs ...

Dang, that's a bother.

[kpoole55]

I have a Samsung Galaxy Tab 4 10.1 that I was going to, finally, break down and install a Lineage OS on. Darn thing's been flaky and I was hoping that a new OS would straighten it out. Probably find that Clash of Clans won't install, though.

Re:

[sad_]

there was no harm done to any of the lineage code, it's still safe to upgrade your phone.