Slashdot Mirror


Huge Security Hole In Recent Samsung Devices

An anonymous reader writes "A huge security hole has been discovered in recent Samsung devices including phones like the Galaxy S2 and S3. It is possible for every user to obtain root due to a custom faulty memory device created by Samsung." The problem affects phones with the Exynos System-on-Chip.

4 of 153 comments

  1. It's a feature !! by Taco Cowboy · Score: 4, Insightful

    Instead of considering that "security hole" a "security hole", consider it as a "feature".

    Just root the damn thing and unlock it !!

    --
    Muchas Gracias, Señor Edward Snowden !
  2. Re:Huge Security Hole Has Been there all Along by grcumb · Score: 5, Insightful

        Damn that was vague.

    If by 'vague', you mean 'detailed', then yes, it was. 8^)

        Could you maybe explain what kind of bad things they can do without permission?

    The most damning bit of code is this:

    #ifdef CONFIG_EXYNOS_MEM
        /* mode 0666: owner, group and everyone else may read and write the node */
        [14] = {"exynos-mem", S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH, &exynos_mem_fops},
    #endif

    Basically, it says, "Aw heck, write whatever you like to any memory address anywhere. I mean, we're all friends here. Right?"

    Effectively, any installed app can ignore pretty much every single security setting on the phone and do whatever it likes to the running system. Worse, this could be coupled with a vulnerability in an otherwise well-intentioned app to create a remote root exploit.

    On the WTF scale, this ranks with the 2008 Debian SSL hole in terms of rank stupidity.

    --
    Crumb's Corollary: Never bring a knife to a bun fight.
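An added check, not code from this thread or from Samsung's kernel source, that turns the point above into something you can run: it decodes a devlist-style mode the way the quoted `exynos-mem` entry sets it, flags any memory device whose node is group-writable or readable/writable by "other", and stats the live node if the device is present. The `sample_devlist` table and the `/dev/exynos-mem` and `/dev/mem` paths are constructed for the example; the `0666` bits are the ones in the quoted line.

```c
/*
 * Added example, not code from the thread or from Samsung's kernel source.
 * It audits device-node permission bits the way the quoted devlist entry
 * sets them, and can stat a live node such as /dev/exynos-mem.
 */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* One entry of a devlist-style table: node name plus the mode bits it is
 * created with.  The table below is constructed for this example. */
struct dev_entry {
    const char *name;
    mode_t mode;
};

/* A device that exposes physical memory must not be readable or writable
 * by anyone except root: any group-write or other-read/write bit is unsafe. */
int mem_device_mode_is_unsafe(mode_t mode)
{
    return (mode & (S_IWGRP | S_IROTH | S_IWOTH)) != 0;
}

/* Render the nine permission bits the way ls -l does, e.g. "rw-rw-rw-". */
void format_perms(mode_t mode, char out[10])
{
    static const mode_t bits[9] = {S_IRUSR, S_IWUSR, S_IXUSR,
                                   S_IRGRP, S_IWGRP, S_IXGRP,
                                   S_IROTH, S_IWOTH, S_IXOTH};
    static const char glyph[9] = {'r', 'w', 'x', 'r', 'w', 'x', 'r', 'w', 'x'};
    for (int i = 0; i < 9; i++)
        out[i] = (mode & bits[i]) ? glyph[i] : '-';
    out[9] = '\0';
}

/* Count entries in a devlist whose mode is unsafe for a memory device. */
size_t count_unsafe_mem_nodes(const struct dev_entry *list, size_t n)
{
    size_t unsafe = 0;
    for (size_t i = 0; i < n; i++)
        if (mem_device_mode_is_unsafe(list[i].mode))
            unsafe++;
    return unsafe;
}

/* Constructed sample modelled on a devlist table: a stock-style /dev/mem
 * (0640, root only plus group read) beside the exynos-mem entry exactly
 * as quoted in the thread (0666). */
static const struct dev_entry sample_devlist[] = {
    {"mem",        S_IRUSR | S_IWUSR | S_IRGRP},
    {"exynos-mem", S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH},
};

size_t count_unsafe_in_sample(void)
{
    return count_unsafe_mem_nodes(sample_devlist,
                                  sizeof sample_devlist / sizeof sample_devlist[0]);
}

/* Check a live node: 1 = unsafe mode, 0 = safe, -1 = absent or not a
 * character device (errno is left as stat() set it in the absent case). */
int check_device_node(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISCHR(st.st_mode))
        return -1;
    return mem_device_mode_is_unsafe(st.st_mode & 0777);
}

int main(void)
{
    const char *paths[] = {"/dev/exynos-mem", "/dev/mem"};
    for (size_t i = 0; i < 2; i++) {
        struct stat st;
        if (stat(paths[i], &st) != 0) {
            printf("%-16s absent (%s)\n", paths[i], strerror(errno));
            continue;
        }
        char perms[10];
        format_perms(st.st_mode & 0777, perms);
        printf("%-16s %s  %s\n", paths[i], perms,
               check_device_node(paths[i]) == 1 ? "UNSAFE" : "ok");
    }
    printf("constructed devlist: %zu unsafe memory node(s)\n",
           count_unsafe_in_sample());
    return 0;
}
```

Run it on the device itself (via adb shell with a native build, or cross-compiled), not only against the kernel table: on Android the node's final mode can also be rewritten at boot by ueventd from ueventd.rc, so the live `stat()` result is what an installed app actually sees.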
  3. Re:Root by hawguy · Score: 5, Insightful

        On smartphones, local exploits matter because they mean apps can gain more permissions than they are supposed to have. (This is a much smaller problem on desktops because people don't tend to install programs on desktops anywhere near as much.)

    You've never seen a user click blindly through ActiveX install warnings if you think desktop users rarely install software.

  4. Re:Root by Nerdfest · Score: 4, Insightful

    They can test all they want, but there will be bugs. The trick is to have support in place to patch quickly. Most open source software is very good this way, but most commercial stuff is way behind.