Samsung Galaxy range wide open to malware: forum

XDA developer exposes flaw in ARM-built Exynos chip

Tags: Samsung Electronics Company
  • E-Mail
Samsung Galaxy range wide open to malware: forum Th exploit allows access to the entire physical memory of the Galaxy Note II and other devices.
By  Stephen McBride Published  December 17, 2012

An Android and Windows developers' forum has uncovered a vulnerability in Samsung's ARM-based Exynos SoC (system on a chip) that would allow installed apps full read-write access to the entire physical memory of the parent device.

The initial posting on Saturday by user "Alephzain" on forum.xda-developers.com said: "Recently discover [sic] a way to obtain root on S3 without ODIN flashing."

Root access hands administrative, super-user control of the device to any user, or third-party app that sought it. While Alephzain found the problem in a Galaxy SIII, the user claims the exploit is present in "potentially all devices that embed Exynos processor (4210 and 4412)". This would include the Galaxy SII and the Galaxy Note II and China-based Meizu Technology's MX smartphone.

While other XDA developers discussed the implications of the range of activities available via the exploit - "Ram dump, kernel code injection and others", according to Alephzain - a member called "Chainfire" said they had informed Samsung engineers of the issue. All concerned are "waiting for a fix ASAP".

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code