Exploit in Samsung’s Exynos chip, affects Galaxy S III, Galaxy Note II and other devices
December 17, 2012
2 Comments
Android - Chipsets, Processors and GPU - Gadgets & Gear - Latest - Mobiles and Tablets - News - Samsung
Folks over at XDA always tend to surprise us with something unique from time to time. Now, a user at XDA developers named “Alephazain” has discovered a flaw in two of the Samsung’s Exynos processors- the 4210 and the 4412. The flaw is quite serious as it exposes the devices which run on these processors to some malicious Apps , which may be able to gain control over the device and then can access the users’ data.
Basically, this exploit exposes the device’s RAM to be accessed with ease, which on one hand might enable the users to root their device quite easily, but at the same time, can expose it to some malicious Apps which might too root your device and take control over it.
According to various online reports, the following Samsung smartphones are vulnerable to this exploit- International version of Samsung Galaxy S3, Some of the Galaxy S2 models, Galaxy Note 10.1, Galaxy Note 1 and Note 2. Experts believe that users are better off sticking to trusted Apps till Samsung comes up with a fix for this exploit.
The XDA user who discovered the flaw dubbed it as a huge mistake and went on to say that, [quote]The security hole is in kernel, exactly with the device /dev/exynos-mem
The good news is we can easily obtain root on these devices and the bad is there is no control over it.
Ram dump, kernel code injection and others could be possible via app installation from Play Store. It certainly exists many ways to do that but Samsung give an easy way to exploit. This security hole is dangerous and expose phone to malicious apps.
Exploitation with native C and JNI could be easily feasible. [/quote]
Though, there is no official word from Samsung yet, but it is being reported that XDA has informed Samsung about this flaw and the company will now try and fix the issue ASAP. Till then, we advice the users to just stick to the Apps available on the Play Store as of now, and avoid installing Apps from unknown sources.
