Huge Security Hole In Recent Samsung Devices
An anonymous reader writes "A huge security hole has been discovered in recent Samsung devices including phones like the Galaxy S2 and S3. It is possible for every user to obtain root due to a custom faulty memory device created by Samsung." The problem affects phones with the Exynos System-on-Chip.
I consider someone *else* running as root a security hole. As long as you need physical access, this is a feature. A phone that will not let you install what you want is broken.
Instead of considering that "security hole" a "security hole", consider it as a "feature".
Just root the damn thing and unlock it!!
Muchas Gracias, Señor Edward Snowden !
> It's just one more exposure. The real problem is in actually being able to tell what -any- app is currently doing
> on your device. And that kind of monitoring is nowhere in sight.
Wrong, and wrong. With this, you can access all the memory on your phone. Clearly with this you CAN tell what's running. You can stop what's running. You can patch what's running. You can do whatever you like. This is about as different to the average piece of malware as is possible to get.
other than stuff befalling jailbroken devices
This is the important part. Walled gardens are inherently more secure, it has nothing to do with Apple's competence.
AccountKiller
Damn that was vague.
If by 'vague', you mean 'detailed', then yes, it was. 8^)
Could you maybe explain what kind of bad things they can do without permission?
The most damning bit of code is this:
    #ifdef CONFIG_EXYNOS_MEM
        [14] = {"exynos-mem", S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH, &exynos_mem_fops},
    #endif
Basically, it says, "Aw heck, write whatever you like to any memory address anywhere. I mean, we're all friends here. Right?"
Effectively, any installed app can ignore pretty much every single security setting on the phone and do whatever it likes to the running system. Worse, this could be coupled with a vulnerability in an otherwise well-intentioned app to create a remote root exploit.
On the WTF scale, this ranks with the 2008 Debian SSL hole in terms of rank stupidity.
Crumb's Corollary: Never bring a knife to a bun fight.
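The mode flags in the table entry quoted above add up to 0666, read and write for owner, group and everyone else. As an added example (not part of the thread and not Samsung's code), this Python check flags device nodes that any user can write to, given an `ls -l /dev` style listing; the sample listing, its column layout and the allowlist of nodes expected to be world-writable are assumptions constructed for illustration.

```python
import stat

# Assumption: nodes that are world-writable by design on Linux/Android.
EXPECTED_WORLD_WRITABLE = {"null", "zero", "full", "random", "urandom",
                           "tty", "ptmx", "ashmem", "binder"}

def mode_from_ls(perm):
    """Turn an ls-style string such as 'crw-rw-rw-' into (type_char, mode_bits)."""
    if len(perm) < 10 or perm[0] not in "-dlcbps":
        raise ValueError("not an ls permission string: %r" % perm)
    bits = 0
    for i, ch in enumerate(perm[1:10]):
        if ch in "rwxst":          # 'S'/'T' mean a special bit without execute
            bits |= 1 << (8 - i)
    return perm[0], bits

def risky_device_nodes(listing, allow=EXPECTED_WORLD_WRITABLE):
    """Return (name, octal mode) for char/block devices writable by 'other'."""
    findings = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            kind, bits = mode_from_ls(fields[0])
        except ValueError:
            continue               # header or malformed line
        name = fields[-1]
        if kind in ("c", "b") and bits & stat.S_IWOTH and name not in allow:
            findings.append((name, oct(bits)))
    return findings

# Constructed sample listing; owners, groups, numbers and dates are made up.
SAMPLE = """\
crw-rw-rw- root     root       1,   3 2012-12-16 09:00 null
crw-rw-rw- root     root      10,  61 2012-12-16 09:00 binder
crw-rw-rw- system   graphics   1,  14 2012-12-16 09:00 exynos-mem
crw-r----- root     kmem       1,   1 2012-12-16 09:00 mem
crw-rw---- system   camera    81,   0 2012-12-16 09:00 video0
"""

if __name__ == "__main__":
    for name, mode in risky_device_nodes(SAMPLE):
        print("world-writable device node: /dev/%s (mode %s)" % (name, mode))
```

In the constructed sample, `mem` passes because it is restricted to root and one group, while `exynos-mem` is flagged because nothing limits who can open it for writing.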