nsane.forums Posted December 17, 2012

A vulnerability found in the kernel of many Samsung devices has opened devices such as the Galaxy S2, S3, Note 2, and Note 10.1 up to abuse by hackers.

A vulnerability that allows any app to access the RAM on Samsung devices has been found by developers who were digging into the kernel for Samsung's Exynos systems. Exynos is the ARM-based system on chip that's typically found in Samsung's mobile devices and tablets.

XDA Developers member alephzain first brought up the vulnerability on the site's forum, claiming that access to the device's physical memory is read-and-write enabled by all users. With the ability to read and write to memory at will, alephzain said that any application could dump the contents of the device's RAM and/or inject arbitrary code into the kernel. Such manipulations of memory could potentially allow an attacker to extract data and forward it elsewhere, or modify data to present the user with false data while the application does something else. The vulnerability itself also allows devices to be rooted.

Alephzain has named a couple of the devices that are vulnerable, and others have been able to independently verify that the issue exists. In particular, another developer on the forum, Chainfire, has released an application that uses the vulnerability to gain root privileges, and has listed which devices are currently known to work. These devices use the Exynos 4210 or 4412 system on chip and include:

- Samsung Galaxy S2 GT-I9100
- Samsung Galaxy S3 GT-I9300
- Samsung Galaxy S3 LTE GT-I9305
- Samsung Galaxy Note GT-N7000
- Samsung Galaxy Note 2 GT-N7100
- Verizon-based Samsung Galaxy Note 2 SCH-I605
- Samsung Galaxy Tab Plus GT-P6210
- Samsung Galaxy Note 10.1 GT-N8000
- Samsung Galaxy Note 10.1 GT-N8010
- Samsung Galaxy Note 10.1 GT-N8020

Although the Google Nexus 10 uses the Exynos platform, it has been confirmed as not being affected, as it uses the Exynos 5250.
Not everyone has agreed with how the vulnerability was made public, nor the public availability of code that allows it to be exploited. Given the late notice that manufacturers were given, forum member supercurio has taken it upon himself to release a quick fix for the vulnerability while the manufacturers determine how best to tackle the issue.

View: Original Article
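The flaw described in the article above, a physical-memory device node that every user can read and write, shows up in file permissions alone. As an added example (not part of the original post or the quoted article), this Python code parses `ls -l /dev` output and flags world-accessible device nodes outside an expected baseline; the sample listing, the node name `example-physmem` and the baseline set are constructed assumptions.

```python
import re

# Constructed sample of `ls -l /dev` output in the Android toolbox layout.
# "example-physmem" is a hypothetical node name, not taken from the article.
SAMPLE_LS = """\
crw-rw-rw- root     root       1,   3 2012-12-17 10:00 null
crw-rw-rw- root     root       1,   5 2012-12-17 10:00 zero
crw-rw-rw- root     root      10,  54 2012-12-17 10:00 binder
crw-rw-rw- system   system   240,   0 2012-12-17 10:00 example-physmem
crw-rw---- system   camera    81,   0 2012-12-17 10:00 video0
crw-r----- root     kmem       1,   1 2012-12-17 10:00 mem
drwxr-xr-x root     root                2012-12-17 10:00 block
"""

# Nodes assumed to be world-accessible by design; tune this per firmware build.
EXPECTED_WORLD_RW = {"null", "zero", "full", "random", "urandom",
                     "tty", "ptmx", "binder", "ashmem"}

# Matches block/character device lines: mode, owner, group, major, minor,
# date, time, name.
LINE = re.compile(
    r"^(?P<mode>[bc][rwxsStT-]{9})\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<major>\d+),\s*(?P<minor>\d+)\s+\S+\s+\S+\s+(?P<name>\S+)$"
)

def audit_dev_listing(listing, allow=EXPECTED_WORLD_RW):
    """Return device nodes whose 'other' bits grant read or write
    and that are not in the expected baseline."""
    findings = []
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # directories, symlinks, or lines in another layout
        mode = m["mode"]
        access = ("r" if mode[7] == "r" else "") + ("w" if mode[8] == "w" else "")
        if access and m["name"] not in allow:
            findings.append({
                "name": m["name"],
                "access": access,
                "owner": m["owner"],
                "group": m["group"],
                "device": (int(m["major"]), int(m["minor"])),
            })
    return findings

if __name__ == "__main__":
    for f in audit_dev_listing(SAMPLE_LS):
        print("world-%s device node: /dev/%s %s" % (f["access"], f["name"], f["device"]))
```
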
LiLmEgZ Posted December 18, 2012

Rather frightening as I was thinking of getting a Samsung Galaxy phone very soon! Maybe it will be fixed by then?
Olexijl Posted December 19, 2012

I actually downloaded supercurio's apk. After install I found that I am not affected.

Galaxy S2 (GT-I9100)
Android 2.3.6 CheckROM (XWLA4)
davhag Posted December 19, 2012

Found a link I thought I would share just in case it has not been posted yet and in case you need to make arrangements.

http://dottech.org/90584/samsung-galaxy-s-iii-note-ii-and-other-devices-are-vulnerable-to-hackers-due-to-exynos-4-chip-bug/
http://www.xda-developers.com/android/dangerous-exynos-4-security-hole-demoed-and-plugged-by-chainfire/
Administrator DKT27 Posted December 20, 2012

Samsung working to fix latest Galaxy S III exploit

Samsung says it's working “as quickly as possible” to fix an exploit in some of its Android phones, which could allow hackers to gain total control over the device.

The exploit was first reported on the XDA Developers forums on Saturday, and attracted lots of attention from the tech press. It allows malicious apps to control all physical memory on the device, thereby allowing for remote wipes, access to user data and other malicious activities.

All Samsung Android phones based on Exynos 4210 and 4412 processors are vulnerable. As Android Central notes, that includes the Galaxy S II on Sprint, Galaxy Tab 2, Galaxy Note 10.1 and certain Galaxy Player models. International versions of the Galaxy S III, Galaxy Note and Galaxy Note II are affected, as well as U.S. versions of the Galaxy Note II, but U.S. versions of the Galaxy S III are not affected.

In a statement to Android Central, Samsung says it's aware of the issue and is working on a software update to fix it. “Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices,” the company said.

No biggie, says Samsung

Although this exploit sounds pretty dangerous, Samsung says that “most devices operating credible and authenticated applications” won't be affected. In other words, if you're downloading trustworthy apps from the Google Play Store, you probably have nothing to worry about. (It's unclear whether Google's malware scanner, which examines all new apps in its store, is picking up on this new exploit.)

Still, the exploit doesn't look good for Samsung, which just a few months ago had to scramble to fix another software vulnerability. That security flaw allowed attackers to remotely wipe phones running Samsung's TouchWiz UI, using only a Web link with malicious code.
To be clear, these are security flaws in specific Samsung phones, not to be confused with general malware such as apps that send premium-rate SMS messages without permission.

The common thread, however, is Android's open app ecosystem, which allows users to install any software they want. While all Google Play Store apps must pass a malware check, the system isn't foolproof. Neither is the new built-in malware scanner in Android 4.2 for apps from outside the store.

Which brings us back to the usual refrain: An occasional security threat is the byproduct of having that open ecosystem. That means users should take some basic precautions before downloading an app, like seeing how many users have downloaded it, and what they're saying about it. As Samsung says, credible applications won't pose any danger, even for this new exploit.

But if a little extra care sounds like too much work, there's always the iPhone or Windows Phone instead.

View: Original Article
KurDz Posted December 23, 2012

> I actually downloaded supercurio's apk. After install I found that I am not affected.
>
> Galaxy S2 (GT-I9100)
> Android 2.3.6 CheckROM (XWLA4)

Bro, where u get the app from? I have Galaxy S2, could u inform me pls
This topic is now archived and is closed to further replies.