Samsung Galaxy Flaw Lets Hackers Tunnel Into RAM
A flaw in the kernel of the Samsung processor at the heart of several Galaxy series devices allows access to the phone's RAM. It looks as if Samsung downplayed security in setting up permissions for kernel access, said Carl Howe, research vice president at the Yankee Group. "That's a bit concerning because it means that this may only be one of many vulnerabilities."
12/17/12 1:49 PM PT
A new security flaw has been discovered in Samsung's vulnerability-plagued Galaxy S III. This time, the problem lies in the company's Exynos 4 series of chips.
The flaw was discovered by a hacker with the handle "Alephzain," who posted the information on the XDA Developers Forum.
Three hackers have posted solutions for the vulnerability so far.
However, Samsung has remained silent on the flaw.
Samsung did not respond to our request to comment for this story.
About the Exynos Flaw
The flaw, which is a bug in the Exynos 4 series' kernel, affects only devices running the Exynos 4210 and 4412 processors. These include the international versions of the Galaxy S III and Galaxy Note, as well as the Galaxy Tab 2 and Galaxy Note 10.1.
However, versions of the Galaxy S III sold in the United States are not affected.
The flaw gives access to the device's RAM. This will let a malicious user download the contents of an affected device's RAM and examine them. It will also let malicious users upload new processes of their own. In theory, a malicious app concealing this exploit can root a victim's phone on the sly and send data on the phone to third parties, for example.
Such apps could be downloaded from Google Play, Alephzain warned.
While there are other ways to access a device's RAM to dump its contents or inject malicious code into its kernel, this Exynos flaw makes things easier for the bad guys, Alephzain said. It's easy to conduct exploits with native C and the Java Native Interface.
Workarounds for the Problem
Three hackers, "Chainfire," "Supercurio" and "RyanZA," have all posted solutions on the Web for the Exynos vulnerability.
Chainfire's solution lets users disable the exploit, re-enable it and disable the exploit at boot, before any Android app runs. However, Chainfire warns that this will require rooting the mobile device and is a workaround, not an actual fix.
Rooting mobile devices voids the manufacturer's warranty.
Supercurio's solution does not require rooting; does not modify the device's system, copy files or flash anything; can be enabled or disabled at will; and is free. It works on any device and lets users know if their device is vulnerable.
However, when activated, it breaks the proper function of the front camera on some Galaxy S III and Note II firmware. It also cannot protect efficiently against some potential attacks, Supercurio warns.
RyanZA's fix is similar to Supercurio's but allows users to toggle it on or off in order to use the camera.
Who Really Cares?
"It's not a problem in the U.S. because our Galaxy S IIIs have a different chip ... but it does sound like Samsung developers weren't concerned about security in how they set up the permissions for the virtual directory within the kernel," Carl Howe, research vice president at the Yankee Group, told TechNewsWorld. "That's a bit concerning because it means that this may only be one of many vulnerabilities."
In September, Galaxy S III and S II smartphones were discovered to be vulnerable to remote malicious resets. A single malicious line of code concealed in a Web page could remotely wipe these devices, Ravi Borgaonkar, a researcher at the Technical University Berlin, demonstrated at the Ekoparty security conference in Argentina.
However, "I don't think consumers keep up with [security issues]," Maribel Lopez, principal analyst at Lopez Research, said. "They care about whether the device has the apps they want and the screens they want."
Over time, we have become less concerned about privacy, Lopez told TechNewsWorld. Further, "two decades of PC viruses have desensitized us [to security flaws]. The average consumer assumes we'll have a patch."
Still, smartphone manufacturers have to pay attention to securing smartphones, which "have become essential computing devices for most of the world, or face backlashes from consumers," Howe suggested.
Security is an issue for consumers, according to a survey from Crossbeam Systems. More than half of the respondents said they'd consider changing providers, and another 19 percent said they'd definitely change providers if their smartphones had security issues.