A flaw in the Android kernel on some Samsung devices can expose those handsets to attack from malicious apps, according to a post on a mobile developer forum over the weekend.
The Samsung implementation of the Android kernel allows read/write access to all physical memory on the device, including the kernel, a user named “alephzain” posted on XDA Developers on Saturday. The vulnerability was found in the Galaxy S III that had not yet been flashed with ODIN, alephzain said. While the flaw would make it easy to root the device, it also meant the device was open to various attacks by malicious apps, such as kernel code injection and memory dumps.
Members of XDA Developers look for vulnerabilities in mobile devices that can be exploited to give users root access, after which users can install custom versions of Android. In this case, the same vulnerability also gives attackers a very easy way to exploit the handset for malicious purposes.
“The good news is we can easily obtain root on these devices and the bad is there is no control over it,” alephzain wrote.
The issue has already been reported to Samsung, according to the discussion on XDA Developers. SecurityWatch has reached out to Samsung for comment and will update the post with the company’s response.
While it is a serious vulnerability, it appears that only a subset of Samsung devices is affected: those with the Exynos processor.
US Handsets May Not Be Affected
ZDNet published a list of devices that use the Exynos 4210 and 4412 chips, which included the Samsung Galaxy S II and S III, Galaxy Note, Note 2 and Note 10.1, and Galaxy Tab Plus. While the Google Nexus 10 uses an Exynos processor, it is not on the affected devices list because it uses the Exynos 5250.
However, it is important to note that the U.S. versions of the Samsung Galaxy S II and S III do not use the Exynos processor and thus are not affected, said Sascha Segan, lead analyst of mobile at PCMag.com. The Samsung Galaxy Note II (SCH-I605) phone from Verizon is included on ZDNet’s list because it uses the Exynos processor, but it’s not clear why other Galaxy Note II models with Exynos (the ones from AT&T, T-Mobile and Sprint) weren’t included.
The Wi-Fi Note 10.1 tablet also uses the Exynos, but it’s not known whether the fact that the tablet is wireless only and doesn’t have a cellular modem changes the situation.
Handset manufacturers sometimes release different hardware depending on the region. In the case of Samsung, U.S. carriers required LTE and HSPA+ 42, which was incompatible with Exynos processors at the time the S II and S III were being developed. To get those radio specifications into the handsets, Samsung swapped Exynos for Qualcomm in the Samsung Galaxy S II and S III.
It’s also not clear at this time whether other handset makers use Exynos processors in their U.S. versions. The initial list of devices in alephzain’s post included the Meizu MX, a China-based phone. The vulnerability may exist in other manufacturers’ handsets if they use either the Exynos 4210 or 4412 processor, according to alephzain.
The developer community has already released at least two fixes for the flaw. A user, Supercurio, has released a patch that can be applied without rooting the handset, flashing the ROM to install a new kernel, or using any other advanced techniques. It is designed to close the security hole when the handset boots, so it has to run first, or at least before any malicious app that exploits the flaw. If a malicious app can gain priority and run before the patch, it will still be able to take over the device.