Samsung Exynos devices kernel vulnerability - gHacks Tech News

Samsung Exynos devices kernel vulnerability

A security vulnerability affecting Samsung devices has recently been discovered by members of the XDA Developers forum. According to the information posted on the forum, all Samsung devices with an Exynos chip may be affected by this including the Samsung Galaxy Note 2, Samsung Galaxy S2, Galaxy Note 10.1 and others.

It is a kernel vulnerability that provides attackers with root and read and write access to all physical memory. If that would not be bad enough, it can be exploited by malicious apps that get installed via Google's Play store or by sideloading them to the device. No root or modification is necessary for this to happen, which effectively means that any specifically prepared application can exploit the vulnerability on affected phones.

What makes this vulnerability that dangerous is that it can be exploited by applications users install straight from Google Play, and that users may not even become aware of what is happening in the background after they have installed the app on their phone.

Samsung phones owners who use a phone with an Exynos chip need to take extra care when they install apps on their phones. It is highly suggested to only install applications from trusted sources and even there, double and triple check before the app is installed.

Forum members are already working on temporary fixes that protect Samsung devices from exploits of the vulnerability and quick patches seem to protect rooted Samsung phones already.

According to information posted on the forum, Samsung has been notified about the issue. There has been no reaction so far though.

Update: Exynos Abuse has been released on the forum which uses the security vulnerability to gain root privileges to installer SuperSu on devices. It then allows you to disable the exploit or re-enable if in case you do need it again. Note that it may break the phone's camera and the developer notes that this is a workaround and not an actual fix.

voodoo lazy anti exynos abuse-dev

Please note that there is always risk involved when installing applications on your phone, and especially so if you install them from third party sources.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. ilev said on December 17, 2012 at 11:10 am
    Reply

    Nothing new, its Android, and Samsung smart TVs have also been hacked.
    Android has now more malware than Windows.

  2. jhh said on December 17, 2012 at 2:47 pm
    Reply

    Samsung must release patch ASAP, where the hell is Samsung response to this news…it’s already two days old thought :S If Samsung is this slow, maybe my next phone would be Google Nexus instead of Samsung… At least Nexus gets patches directly from Google, not throught Samsung and must then wait months for update.

    1. ilev said on December 17, 2012 at 8:58 pm
      Reply

      “Samsung must release patch ASAP..”

      Why should they ? Samsung will sell you a new S IV with the bug fixed.

  3. berttie said on December 17, 2012 at 10:36 pm
    Reply

    My current android smartphone will be my last. With no central control of the OS there is no guarantee that such vulnerabilities will be fixed. It is a pity as the OS succeeds on so many levels, but with phones increasingly being used for electronic banking, online purchasing, etc, an insecure OS is just too dangerous.

    1. Mark said on December 18, 2012 at 10:06 am
      Reply

      Windows is also full of security issues since day one, but look at its market share. A few years back I am not sure who will dominate, but now I can say Android is here to stay. Furthermore, this vulnerability only affects Exynos-based devices; by next year people are changing phone again so it’s not going to hurt anyone or Samsung much.

  4. Jesus said on December 18, 2012 at 2:14 am
    Reply

    My current Galaxy s2 is my last samsung device because of tjhe camera being faulty, it’s slow at times and gets really hot ever since the day I brought and without third party apps installed, my next phone will be android though as it is the best OS it is just sam sung that is F*****! Thanks for taking my $ Samdung

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.