Abstract

Binder is one of the key components of the Android system. Last year we researched Binder and found several problems in the Binder driver. Surprisingly, some of them are very powerful, especially CVE-2019-2025, named "Waterdrop", which was disclosed in March 2019.
The "Waterdrop" vulnerability has three striking features:

It can be exploited as a universal root solution.
It can be used for sandbox escape.
It allows arbitrary read/write.

This vulnerability affects most Android devices released in the past two years running Linux kernel versions 3.18 through 4.20. It affects both the latest Google Android 9 Pie and Android 8 Oreo. As a result, a large number of Android devices from vendors such as Google, Samsung, HUAWEI and OPPO are under threat.
We will also show how we rooted the latest Pixel 3 XL, Pixel 2 XL and Pixel with this single vulnerability; as far as we know, this is the first time the Pixel 3 XL has been rooted.

Slides