Slashdot Mirror

← Back to Stories (view on slashdot.org)

Huge Security Hole In Recent Samsung Devices

Posted by timothy on from the it's-like-they-handed-you-the-phone dept.

An anonymous reader writes "A huge security hole has been discovered in recent Samsung devices including phones like the Galaxy S2 and S3. It is possible for every user to obtain root due to a custom faulty memory device created by Samsung." The problem affects phones with the Exynos System-on-Chip.

11 of 153 comments (clear)

  1. Re:Great by Anonymous Coward · · Score: 2, Informative

    That phone has been rootable for ages. It runs Ice Cream Sandwich and even Jellybean quite smoothly with the proper ROM/kernel.

  2. Not LTE GS3 by Anonymous Coward · · Score: 5, Informative

    This only effects the international S3, the US LTE version uses a Snapdragon CPU.

    1. Re:Not LTE GS3 by compro01 · · Score: 3, Informative

      Yes, the I9305 is affected.

      The list below is all models affected by this, which includes the international GS2 variant, as well as the Note 1 and 2, Galaxy Tab Plus, and Note 10.1.

      GT-I9100
      GT-I9300
      GT-I9305
      GT-N7000
      GT-N7100
      GT-N7105
      SGH-I317
      SCH-I605
      GT-P6210
      GT-N8000
      GT-N8010
      GT-N8013
      GT-N8020

      It does not affect the Snapdragon-based I747 (AT&T, Rogers, Bell and other major Canadian carriers) nor the T999 (T-mobile, as well as Canadian AWS carriers like Wind, Mobilicity, and Videotron)

      --
      upon the advice of my lawyer, i have no sig at this time
  3. Re:Great by kamapuaa · · Score: 3, Informative

    Google, this is an easy thing to do. I can't guarantee this site but: https://gurde.com/2012/08/how-to-android-jelly-bean-4-1-1-on-galaxy-s-i9000/ is the first result I got.

    --
    Slashdot: providing anti-social weirdos a soapbox, since 1997.
  4. Re:Root by 14erCleaner · · Score: 5, Informative

    The problem is that this hole will allow any app to read or write to any of memory, allowing trojans.

    --
    Have you read my blog lately?
  5. Re:Root by Nerdfest · · Score: 5, Informative

    Looks like someone has a quick fix out. It's an app that sets the perms on the file properly, but it does cause problems with the camera on the S3. The app lets you toggle the permissions on and off so you can still use your camera is you wish. I haven't tried it as I don't have a phone with the hole, but teh XDA guys are pretty reputable: Here it is. Certainly can't complain about the open source community on something like this, although it would have been nice if he reported it to Samsung a little in advance of the release of the problem.

  6. Re:Great by mrbester · · Score: 3, Informative

    Kies is the biggest pile of bloated crapware since Norton.

    --
    "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
  7. Re:Root by stephanruby · · Score: 5, Informative

    The way the summary is worded makes it sound like a user having root is a security exploit ...

    The Cleaner is correct. In the case of Android, each application is considered a separate user. That's how applications are sandboxed away from each other. This way, an application only has access to its own files (which reside in its home folder). An application only has access to its own SQlite database instances (which again reside only within its own home folder, since SQLite is file-based, this arrangement works). With its own userid, an application can only access its own process and its own data. Etc.

    In other words, Android is an operating system built on top of another operating system and Android doesn't try to completely reinvent the wheel when it comes to security.

  8. Re:security hole? by countach · · Score: 5, Informative

    Err, because any app you download can p0wn your phone?

  9. Re:security hole? by nedlohs · · Score: 3, Informative

    Because some random app could subvert the permissions it was granted at install and do whatever the hell it wants?

  10. Re:Root by Tough+Love · · Score: 2, Informative

    The fandroids will spin this into something to make it seem like it was a win for them all along.

    Whoa, the fandroids didn't do that! Instead, the fandroids discussed the issues, risks and fixes calmly, intelligently and informatively. Now if only iFans were like that, maybe I wouldn't feel like I got something icky on me after any encounter.

    --
    When all you have is a hammer, every problem starts to look like a thumb.