Security flaw found in Samsung handsets, tablets

Spider

Administrator
Staff member
Mar 24, 2011
15,781
1,812
Summary: An Android exploit could result in remote attackers gaining root level permissions of Samsung products.

By Charlie Osborne for Zero Day | December 17, 2012 -- 10:06 GMT (02:06 PST)

A suspected fault in Samsung's implementation of the Android kernel could result in malicious apps gaining control over user devices.

Brought to light by user "alephzain" on mobile developer forum XDA Developers, the user claims that the flaw potentially affects Samsung devices that use Exynos processor models 4210 and 4412, specific examples including the Samsung Galaxy S2 and Samsung Galaxy Note 2 which use the dual core, fourth-generation Exynos chips.

Exynos is Samsung's ARM-based system on a chip. The newest version of the chip, the Exynos 5 -- or 5250 -- is clocked at speeds of 1.7Ghz and encompasses the latest ARM Cortex-A15 architecture, as well as an ARM Mali T604 quad-core graphics processing unit (GPU). The latest version of Exynos has also recently been used in the latest-generation Samsung Chromebook.

Stating that "The security hole is in kernel, exactly with the device /dev/exynos-mem," and calling the security flaw "a huge mistake," alephzain goes on to describe their findings:

"The good news is we can easily obtain root on these devices and the bad is there is no control over it.
Ram dump, kernel code injection and others could be possible via app installation from Play Store. It certainly exists many ways to do that but Samsung give an easy way to exploit. This security hole is dangerous and expose phone to malicious apps.
Exploitation with native C and JNI could be easily feasible."


Soon after, another forum member, Chainfire, thoughtfully provided a download to an Android application package -- the familiar .apk that we see when downloading a new app to our mobile devices -- which exploits the vulnerability.

"You should be very afraid of this exploit -- any app can use it to gain root without asking and without any permissions on a vulnerable device," the forum use wrote. "Let's hope for some fixes ASAP."

According to Chainfire, affected devices include the Samsung Galaxy S2, Samsung Galaxy Note 2, Samsung Galaxy Note 10.1 and Samsung Galaxy Tab Plus.

The community says that it has informed Samsung of the flaw, and so we can hope a fix will soon be issued if the claims ring true. With so many apps floating around the Internet, the Android operating system has become an increasing target for hackers, who can slip malicious code into seemingly innocent applications which end up stealing data or taking control of your device.

As malicious apps begin to send unauthorized premium-rate SMS messages and steal user bank data, keeping our devices secure is now just as important as being careful when we surf the web on our desktops.
 
Back
Top