Samsung Exynos devices kernel vulnerability
A security vulnerability affecting Samsung devices has recently been discovered by members of the XDA Developers forum. According to the information posted on the forum, all Samsung devices with an Exynos chip may be affected by this including the Samsung Galaxy Note 2, Samsung Galaxy S2, Galaxy Note 10.1 and others.
It is a kernel vulnerability that provides attackers with root and read and write access to all physical memory. If that would not be bad enough, it can be exploited by malicious apps that get installed via Google's Play store or by sideloading them to the device. No root or modification is necessary for this to happen, which effectively means that any specifically prepared application can exploit the vulnerability on affected phones.
What makes this vulnerability that dangerous is that it can be exploited by applications users install straight from Google Play, and that users may not even become aware of what is happening in the background after they have installed the app on their phone.
Samsung phones owners who use a phone with an Exynos chip need to take extra care when they install apps on their phones. It is highly suggested to only install applications from trusted sources and even there, double and triple check before the app is installed.
Forum members are already working on temporary fixes that protect Samsung devices from exploits of the vulnerability and quick patches seem to protect rooted Samsung phones already.
According to information posted on the forum, Samsung has been notified about the issue. There has been no reaction so far though.
Update: Exynos Abuse has been released on the forum which uses the security vulnerability to gain root privileges to installer SuperSu on devices. It then allows you to disable the exploit or re-enable if in case you do need it again. Note that it may break the phone's camera and the developer notes that this is a workaround and not an actual fix.
Please note that there is always risk involved when installing applications on your phone, and especially so if you install them from third party sources.
Advertisement
My current Galaxy s2 is my last samsung device because of tjhe camera being faulty, it’s slow at times and gets really hot ever since the day I brought and without third party apps installed, my next phone will be android though as it is the best OS it is just sam sung that is F*****! Thanks for taking my $ Samdung
My current android smartphone will be my last. With no central control of the OS there is no guarantee that such vulnerabilities will be fixed. It is a pity as the OS succeeds on so many levels, but with phones increasingly being used for electronic banking, online purchasing, etc, an insecure OS is just too dangerous.
Windows is also full of security issues since day one, but look at its market share. A few years back I am not sure who will dominate, but now I can say Android is here to stay. Furthermore, this vulnerability only affects Exynos-based devices; by next year people are changing phone again so it’s not going to hurt anyone or Samsung much.
Samsung must release patch ASAP, where the hell is Samsung response to this news…it’s already two days old thought :S If Samsung is this slow, maybe my next phone would be Google Nexus instead of Samsung… At least Nexus gets patches directly from Google, not throught Samsung and must then wait months for update.
“Samsung must release patch ASAP..”
Why should they ? Samsung will sell you a new S IV with the bug fixed.
Nothing new, its Android, and Samsung smart TVs have also been hacked.
Android has now more malware than Windows.