Developer Warns of Samsung Smartphone Vulnerability
The flaw could provide an attacker with access to all physical memory on a device.
In a recent post on the XDA-Developers forum, member Alephzain announced the discovery of a new vulnerability in Samsung mobile devices.
"The problem doesn't seem to be with Android itself, but with the 4410 and 4412 versions of the proprietary Exynos chip that Samsung puts in many of its devices," writes TechNewDaily's Paul Wagenseil. "Samsung also calls those versions the Exynos 4 Dual 45nm and Exynos 4 Quad."
"This processor can be found in Samsung’s Galaxy Note, Galaxy Note 2, Galaxy Note 10.1, Galaxy S2 and Galaxy S3," writes redOrbit's Michael Harper. "Only international versions of Samsung’s Galaxy S3 use the Exynos chip, meaning any American-bound phone is safe from this exploit."
"All physical memory on the device can be accessed and, in the worst-case scenario, stolen or erased by an attacker who uses an app to exploit the flaw, Alephzain said," writes SC Magazine's Danielle Walker.
"The train of thought is that an app could be built with this exploit hidden inside, rooting your phone without your knowledge," writes Android Central's Jerry Hildenbrand. "It then could use the new elevated permissions to send data off to somewhere else, or do any number of equally dirty things you can do with root access. These apps could be distributed anywhere, and are easily installable."
"Following [the] disclosure, a different XDA developer released code that offers some protection from the exploit," writes Ars Technica's Dan Goodin. "Readers should carefully consider the pros and cons before installing this app, since it may void handset warranties."