Samsung Android software accused of concealing secret backdoor

Advertisement

Is the data on your smartphone secure: your bank records, your emails, your chat history? Normally, we take steps to protect this info like putting passwords on our handsets, and being diligent about avoiding malware, but is that always enough? Not if the security hole exposing your data is deeply ingrained in system software itself. This week, devs are sounding the alarm over what’s being described as a backdoor in certain Samsung devices (both Galaxy-series as well as the Nexus S and Galaxy Nexus) that could potentially allow your carrier (or someone impersonating a carrier) to access your phone’s file system without your knowledge.

We’ve talked before at some length about the security issues raised by the baseband processor on your phone, the special-purpose chip that handles cellular communication. Problem is, that code’s largely inaccessible to us users, and with free reign over system hardware, it has the potential to cause a lot of harm if misused. Sometimes steps are taken to limit the baseband’s access to the rest of the system, but Samsung appears to have gone the opposite direction, crafting Android software that seems to deliberately give the baseband a backdoor into your phone’s file system.

The code in question handles communications between Android and the baseband processor, and includes a full set of commands for opening, closing, reading, and writing local files.

So, is this freak-out time? Throw your Samsung phone in a lead-shielded box? Maybe not just yet. For one, this report only mentions the software on relatively older Samsung models – the most recent flagships affected appear to be the GS3 and Note 2. Maybe more importantly, it’s worth noting that while Samsung is being singled-out here, the baseband processors in many other phones are just as able to access phone storage, and without the help of Android-side code like Samsung is using here; while Samsung’s taking the heat this time, it’s far from the only OEM in this boat.

Source: Replicant
Via: CNET

Advertisement

What's your reaction?
Love It
0%
Like It
0%
Want It
0%
Had It
0%
Hated It
0%
About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bitsRead more about Stephen Schenck!