Slashdot Mirror
Huge Security Hole In Recent Samsung Devices
An anonymous reader writes "A huge security hole has been discovered in recent Samsung devices including phones like the Galaxy S2 and S3. It is possible for every user to obtain root due to a custom faulty memory device created by Samsung." The problem affects phones with the Exynos System-on-Chip.
This only effects the international S3, the US LTE version uses a Snapdragon CPU.
The problem is that this hole will allow any app to read or write to any of memory, allowing trojans.
Have you read my blog lately?
Looks like someone has a quick fix out. It's an app that sets the perms on the file properly, but it does cause problems with the camera on the S3. The app lets you toggle the permissions on and off so you can still use your camera is you wish. I haven't tried it as I don't have a phone with the hole, but teh XDA guys are pretty reputable: Here it is. Certainly can't complain about the open source community on something like this, although it would have been nice if he reported it to Samsung a little in advance of the release of the problem.
The way the summary is worded makes it sound like a user having root is a security exploit ...
The Cleaner is correct. In the case of Android, each application is considered a separate user. That's how applications are sandboxed away from each other. This way, an application only has access to its own files (which reside in its home folder). An application only has access to its own SQlite database instances (which again reside only within its own home folder, since SQLite is file-based, this arrangement works). With its own userid, an application can only access its own process and its own data. Etc.
In other words, Android is an operating system built on top of another operating system and Android doesn't try to completely reinvent the wheel when it comes to security.
Err, because any app you download can p0wn your phone?