Attacker used a CVE in SaltStack master to gain access to LineageOS servers
LineageOS is the successor to CyanogenMod, the well-known custom Android distribution. After CyanogenMod announced that its team was shutting down, some team members established LineageOS to take over the project code.
The project is currently in reasonably good shape. It still provides flashable packages for many well-known Android devices, and users can install them to get better performance and privacy protection.
Unexpectedly, a hacker was eyeing this open-source project. Earlier, the project team announced that an unknown hacker had tried to attack its server through a SaltStack vulnerability.
Around 8PM PST on May 2nd, 2020 an attacker used a CVE in our saltstack master to gain access to our infrastructure.
We are able to verify that:
– Signing keys are unaffected.
– Builds are unaffected.
– Source code is unaffected.
See https://t.co/85fvp6Gj2h for more info.
— LineageOS (@LineageAndroid) May 3, 2020
Fortunately, the attack was discovered in time and handled properly, so the hackers did not succeed. The project team stated that none of the source code of its custom Android builds was tampered with by the hackers.
The LineageOS project team used SaltStack, an open-source management framework, to build its main infrastructure. At the end of last month, the framework's developers announced that a security vulnerability had been found.
The framework's developers fixed the vulnerabilities promptly, so the overall impact was not large, but the LineageOS project team had not upgraded the framework in time.
Subsequently, the project team announced that its main infrastructure had gone completely offline because of the hacker attack. The administrator was highly alert at the time, and the attack did not spread further.
The hacker may have intended to launch a supply chain attack, adding backdoor programs or malicious code to the source code of the project's website and of its custom Android builds in order to poison them.
Fortunately, because the administrator discovered the attack in time and cut off the server connection, the hacker did not manage to tamper with the source code and caused no actual damage.
Now that the entire infrastructure has been restored and development work has resumed, users can again visit the project's website to download the latest version of the Android image.