Samsung Multi-Device Exynos Exploit Stirs-Up Malware Fears

Over the weekend, Android enthusiasts on the XDA-Developers forum uncovered a new exploit for devices running Samsung’s Exynos 4210 and 4412 SoCs, allowing for some quick-and-easy one-click rooting. Considering that the 4412 is used in models like Verizon’s Galaxy Note II, with its locked bootloader, that might seem like a blessing (not that there aren’t other roads to root). Despite that, concerns have developed over the wide-open nature of this exploit, and how easy it would be for malicious apps to take advantage of it to compromise vulnerable phones. Just what’s going on?

The problem is in the kernel code Samsung has developed for its models running the 4210 or 4412. Some system libraries, particularly those working with a phone’s camera, access system memory in an unusual manner, through the /dev/exynos-mem device. The trouble with exynos-mem is that it gives regular users (and the apps they run) full read/write access to the phone’s memory.
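As an added example (not code from the original article, XDA-Developers or Project Voodoo), the script below audits the device node described above by reading the permission bits from an `ls -l` line. It assumes the exposure shows up as read or write permission for "other" users on /dev/exynos-mem; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit whether a device node is accessible to ordinary users.
# Assumption: the exposure is visible as "other" read/write bits in `ls -l`.

# Constructed sample lines (owner, group, numbers and dates are made up).
SAMPLE_OPEN='crw-rw-rw- system   graphics   1,  14 2012-12-17 10:00 exynos-mem'
SAMPLE_LOCKED='crw------- system   graphics   1,  14 2012-12-17 10:00 exynos-mem'

# classify_node LINE
# Prints one of: exposed | restricted | absent | not-a-device
classify_node() {
    line=$1
    # An empty line means `ls` found nothing at that path.
    [ -n "$line" ] || { echo absent; return; }

    mode=${line%% *}              # first field, e.g. crw-rw-rw-
    case $mode in
        c?????????*) ;;           # character device with a full mode string
        *) echo not-a-device; return ;;
    esac

    # Characters 8-9 of the mode string are the "other" read and write bits.
    other=$(printf '%s' "$mode" | cut -c8-9)
    case $other in
        r?|?w) echo exposed ;;    # any unprivileged process can open the node
        *)     echo restricted ;;
    esac
}

# check_device [PATH]
# Classifies the live node; defaults to the path named in the article.
check_device() {
    path=${1:-/dev/exynos-mem}
    classify_node "$(ls -l "$path" 2>/dev/null)"
}

printf 'sample (open):   %s\n' "$(classify_node "$SAMPLE_OPEN")"
printf 'sample (locked): %s\n' "$(classify_node "$SAMPLE_LOCKED")"
printf 'this system:     %s\n' "$(check_device)"
```

On a machine without the node, the last line reports `absent`; run from a shell on the phone itself, it reports the node's actual state.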

Now, it’s unlikely you’d stumble across an app written with the express purpose of taking advantage of this hole, but if you’d rather be safe than sorry, there’s an app out that can check phones to see if they’re vulnerable, and quickly patch them to close the exploit. While the patch will help keep your phone safe, it does interfere with camera functionality, though there are workarounds to still get some use out of it.

Samsung is reportedly aware of the issue, so chances are we’ll see this fixed officially in future firmware updates.

Source: XDA-Developers forum, Project Voodoo (fix)
Via: MobileSyrup

About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits