December 17, 2012
Glitch Found In Samsung Phones, Internal Memory Exposed
Michael Harper for redOrbit.com — Your Universe Online
In 2010, developers had figured out a way to break into Apple´s so-called “Walled Garden” and jailbreak an iOS device by simply visiting a Web site. Adding a little insult to injury, users who visited jailbreak.me only had to “Swipe to unlock” their devices, allowing them to run non-Apple approved software on their phones. Once this hack made headlines, Apple and Best Buy stores across the land had to begin blocking “jailbreak.me” from their Wi-Fi networks in order to stop customers from jailbreaking every display device.
While this no doubt hurt Apple´s pride, the iPad and iPhone ecosystems were left relatively unscathed and free from harmful malware.
The good news about this glitch is that these Samsung devices essentially ship to customers with the wide open ability to be rooted, or modified to run different software and processes. The bad news about the hole, however, is that it gives any and all users direct access to the physical memory of the device, meaning any app or hacker could have direct access into the most internal parts of the device.
In another good news/bad news situation, this vulnerability only affects a certain few of Samsung´s devices. The bad news, however, is that these select few are Samsung´s latest and flagship products.
According to a developer known as “alephzain,” the culprit in this security hole is Samsung´s Exynos 4210 and 4412 processor. This processor can be found in Samsung´s Galaxy Note, Galaxy Note 2, Galaxy Note 10.1, Galaxy S2 and Galaxy S3.
Only international versions of Samsung´s Galaxy S3 use the Exynos chip, meaning any American-bound phone is safe from this exploit.
Alephzain posted about this vulnerability to the XDA developers forum board on Saturday morning. The next day, another developer operating under the handle “Chainfire” was able to create an app based on this exploit called “ExynosAbuse.” This app allows any users of these tablets and smartphones to take advantage of the hole and install a root tool for Android called “SuperSU.” At present, ExynosAbuse allows users to root their phones as well as block access to the wide open security hole found in Samsung´s Exynos processors.
However, as Chainfire writes, ExynosAbuse is a work-around problem as opposed to an actual fix.
Another XDA Developer forum member operating under the handle “Supercurio,” has said Samsung has been notified about this issue.
Supercurio has also developed a quick patch for this exploit, though it, too, is only a work-around as opposed to a real fix.
It is not yet known, however, how much risk users of these devices will face as a result of this hole. Android isn´t winning any awards for the security of their app store as it is, and any app developer could use this exploit to take significant control of a device.
According to Jerry Hildenbrand at Android Central, those who have already rooted their phones to get around Samsung´s TouchWiz UI are more likely to notice if their phones are affected by this exploit. Stock devices are still vulnerable to the exploit, however, and users should take extra care when downloading any apps.
For now, these users are waiting on an official word from Samsung.