Slashdot Mirror


Huge Security Hole In Recent Samsung Devices

An anonymous reader writes "A huge security hole has been discovered in recent Samsung devices including phones like the Galaxy S2 and S3. It is possible for every user to obtain root due to a custom faulty memory device created by Samsung." The problem affects phones with the Exynos System-on-Chip.

33 of 153 comments

  1. Re:Great by Anonymous Coward · Score: 2, Informative

    That phone has been rootable for ages. It runs Ice Cream Sandwich and even Jelly Bean quite smoothly with the proper ROM/kernel.

  2. Re:Great by Nerdfest · Score: 2

    Installing anything with Kies is just torturing yourself. A Galaxy S1 runs Jelly Bean quite nicely, and it runs faster than stock 2.1 I find. The next phone I buy will be checked for Cyanogen support before I buy it.

  3. Not LTE GS3 by Anonymous Coward · Score: 5, Informative

    This only affects the international S3; the US LTE version uses a Snapdragon CPU.

    1. Re:Not LTE GS3 by compro01 · Score: 3, Informative

      Yes, the I9305 is affected.

      The list below is all models affected by this, which includes the international GS2 variant, as well as the Note 1 and 2, Galaxy Tab Plus, and Note 10.1.

      GT-I9100
      GT-I9300
      GT-I9305
      GT-N7000
      GT-N7100
      GT-N7105
      SGH-I317
      SCH-I605
      GT-P6210
      GT-N8000
      GT-N8010
      GT-N8013
      GT-N8020

      It does not affect the Snapdragon-based I747 (AT&T, Rogers, Bell and other major Canadian carriers) nor the T999 (T-Mobile, as well as Canadian AWS carriers like Wind, Mobilicity, and Videotron).

      --
      upon the advice of my lawyer, i have no sig at this time
  4. Root by Nerdfest · Score: 2, Insightful

    I consider someone *else* running as root a security hole. As long as you need physical access, this is a feature. A phone that will not let you install what you want is broken.

    1. Re:Root by 14erCleaner · Score: 5, Informative

      The problem is that this hole will allow any app to read or write any memory, allowing trojans.

      --
      Have you read my blog lately?
    2. Re:Root by Nerdfest · Score: 3, Insightful

      That's definitely a problem. The way the summary is worded makes it sound like a user having root is a security exploit ... something most hardware and OS manufacturers seem to believe these days. I may have to break tradition and read the article.

    3. Re:Root by Nerdfest · Score: 5, Informative

      Looks like someone has a quick fix out. It's an app that sets the perms on the file properly, but it does cause problems with the camera on the S3. The app lets you toggle the permissions on and off so you can still use your camera if you wish. I haven't tried it as I don't have a phone with the hole, but the XDA guys are pretty reputable: Here it is. Certainly can't complain about the open source community on something like this, although it would have been nice if he had reported it to Samsung a little in advance of the release of the problem.

    4. Re:Root by stephanruby · Score: 5, Informative

      The way the summary is worded makes it sound like a user having root is a security exploit ...

      The Cleaner is correct. In the case of Android, each application is considered a separate user. That's how applications are sandboxed away from each other. This way, an application only has access to its own files (which reside in its home folder). An application only has access to its own SQLite database instances (which again reside only within its own home folder; since SQLite is file-based, this arrangement works). With its own userid, an application can only access its own process and its own data. Etc.

      In other words, Android is an operating system built on top of another operating system and Android doesn't try to completely reinvent the wheel when it comes to security.

    5. Re:Root by Tough Love · Score: 2, Informative

      The fandroids will spin this into something to make it seem like it was a win for them all along.

      Whoa, the fandroids didn't do that! Instead, the fandroids discussed the issues, risks and fixes calmly, intelligently and informatively. Now if only iFans were like that, maybe I wouldn't feel like I got something icky on me after any encounter.

      --
      When all you have is a hammer, every problem starts to look like a thumb.
    6. Re:Root by hawguy · Score: 5, Insightful

      On smartphones, local exploits matter because they mean apps can gain more permissions than they are supposed to have. (This is a much smaller problem on desktops because people don't tend to install programs on desktops anywhere near as much.)

      You've never seen a user click blindly through ActiveX install warnings if you think desktop users rarely install software.

    7. Re:Root by Nerdfest · Score: 4, Insightful

      They can test all they want, but there will be bugs. The trick is to have support in place to patch quickly. Most open source software is very good this way, but most commercial stuff is way behind.

    8. Re:Root by SirJorgelOfBorgel · Score: 2, Interesting

      "although it would have been nice if he reported it to Samsung a little in advance of the release of the problem"

      While that would have been nice, it is very debatable if it is wise. With Samsung, you just don't know. Security holes have been reported to Samsung that have been fixed nigh instantly, while other well known problems that can cause hard-bricks (device becomes a non-recoverable paperweight) on various devices have been known for almost a year - including the fixes - and the issue is still present in the latest firmwares.

      And in the exploit author's defense (as if needed), he actually says somewhere he didn't know whom to contact, so he just put it on XDA, assuming it would somehow get to the right people. And even though it is the weekend, I'm sure various Samsung engineers on the right levels are aware of the problem :) The not knowing who to contact thing is a valid issue - if you don't have any "ins" at Samsung, it's actually pretty hard getting this kind of information to the right people.

    9. Re:Root by fredprado · Score: 2, Insightful

      Nothing can be "fully tested". Things like this happen to any developer and are unavoidable as the code complexity increases.

      The responsibility of the developer is to fix a security hole such as this as quickly as possible once it is detected.

    10. Re:Root by Tough Love · Score: 2

      The fandroids will spin this into something to make it seem like it was a win for them all along.

      Whoa, the fandroids didn't do that! Instead, the fandroids discussed the issues, risks and fixes calmly, intelligently and informatively. Now if only iFans were like that, maybe I wouldn't feel like I got something icky on me after any encounter.

      Oh, iFans have another weapon besides naked fanaticism: they also have Apple spinmods.

      --
      When all you have is a hammer, every problem starts to look like a thumb.
  5. Re:Great by kamapuaa · Score: 3, Informative

    Google, this is an easy thing to do. I can't guarantee this site but: https://gurde.com/2012/08/how-to-android-jelly-bean-4-1-1-on-galaxy-s-i9000/ is the first result I got.

    --
    Slashdot: providing anti-social weirdos a soapbox, since 1997.
  6. It's a feature !! by Taco Cowboy · Score: 4, Insightful

    Instead of considering that "security hole" a "security hole", consider it as a "feature".

    Just root the damn thing and unlock it !!

    --
    Muchas Gracias, Señor Edward Snowden !
  7. Funny as hell - Google ad. by Andy Prough · Score: 5, Funny

    The Google ad on the page for TFA states "Root Any Android Device In 1 Touch! Easy To Use Automatic Root Software". Talk about context-sensitive ads!!

  8. Re:Huge Security Hole Has Been there all Along by Threni · Score: 3, Insightful

    > It's just one more exposure. The real problem is in actually being able to tell what -any- app is currently doing
    > on your device. And that kind of monitoring is no-where in sight.

    Wrong, and wrong. With this, you can access all the memory on your phone. Clearly with this you CAN tell what's running. You can stop what's running. You can patch what's running. You can do whatever you like. This is about as different to the average piece of malware as is possible to get.

  9. To actually root ... by SirJorgelOfBorgel · Score: 2

    Strangely, TFA makes no mention of an app built to actually use this exploit to install SuperSU (root access management app): http://forum.xda-developers.com/showthread.php?t=2050297 - i.e. what most users consider getting rooted.

    Of course, this exploit can be used by any app, and a user can use the core exploit manually to install SuperSU (or Superuser) to let Play apps that need root (but don't contain this exploit ;)), but the linked method does all the work for you already.

  10. Re:Custom faulty memory device? by Anonymous Coward · Score: 2, Funny

    Haven't you heard about Samsung's new strategy?

    1.) Become the go to name in customized faulty memory devices
    2.) ?????
    3.) Profit

  11. Re:Great by Anonymous Coward · Score: 5, Funny

    You should be able to put it into a raw download mode (hold Vol up + Vol down in the off state while plugging USB into it) and use Heimdall, where you can flash a complete image over it. Poke around for it, it's a fairly easy phone to root, and you'll be much happier with JB on it.

    I want to like my iPhone, but Android is just SO OPEN.

  12. Re:Great by cmdr_tofu · Score: 2

    Galaxy S1 is easy to root! You have to be careful and follow instructions, but it's easy. http://wiki.cyanogenmod.org/wiki/Samsung_Galaxy_S

    Also Samsung has its own update process called Kies, but it won't give you root: http://pages.samsung.com/ca/androidupgrade/English/

    I love my Samsung Galaxy S

  13. Re:Makes me glad I use an iPhone... by Galestar · Score: 3, Insightful

    other than stuff befalling jailbroken devices

    This is the important part. Walled gardens are inherently more secure, it has nothing to do with Apple's competence.

    --
    AccountKiller
  14. Re:Huge Security Hole Has Been there all Along by grcumb · Score: 5, Insightful

    Damn that was vague.

    If by 'vague', you mean 'detailed', then yes, it was. 8^)

    Could you maybe explain what kind of bad things they can do without permission?

    The most damning bit of code is this:

    #ifdef CONFIG_EXYNOS_MEM
        [14] = {"exynos-mem", S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH, &exynos_mem_fops},
    #endif

    Basically, it says, "Aw heck, write whatever you like to any memory address anywhere. I mean, we're all friends here. Right?"

    Effectively, any installed app can ignore pretty much every single security setting on the phone and do whatever it likes to the running system. Worse, this could be coupled with a vulnerability in an otherwise well-intentioned app to create a remote root exploit.

    On the WTF scale, this ranks with the 2008 Debian SSL hole in terms of rank stupidity.

    --
    Crumb's Corollary: Never bring a knife to a bun fight.
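The table entry quoted above hands the exynos-mem node mode 0666 (read and write for user, group and other), so plain DAC bits decide who can open it, not any Android permission. Put that together with stephanruby's point in comment 4 that every app runs under its own uid: no app is the node's owner or in its group, so every app is "other", and every app gets the node. The program below is an added example, not code from this thread, from Samsung, or from the exploit's author. It audits a device node the way you would check a shipped or patched firmware: it reports the calling uid, whether the node's mode bits grant access to other, and whether open(O_RDWR) actually succeeds for this uid, and if run as root it applies an owner-only mode. The path /dev/exynos-mem is an assumption taken from the "exynos-mem" name in the table, and the thread does not say what mode the XDA fix sets, so owner-only (0600) is assumed here.

```c
/* exynos_mem_check.c: audit a char device node's permissions.
 * Added example; not code from the thread, Samsung, or the exploit author. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed node path, taken from the "exynos-mem" name in the quoted table. */
#define EXYNOS_MEM_NODE "/dev/exynos-mem"

/* The mode the quoted kernel table assigns: rw for user, group AND other (0666). */
#define EXYNOS_MEM_MODE (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)

/* 1 if any "other" bit grants read or write. On Android every app has its
 * own uid and is not in the node's group, so "other" means every app. */
int world_accessible(mode_t mode)
{
    return (mode & (S_IROTH | S_IWOTH)) != 0;
}

/* Same permission bits with group and other stripped: the owner-only mode a
 * permission fix would set (assumption; the thread does not give the exact mode). */
mode_t hardened_mode(mode_t mode)
{
    return (mode & 07777) & ~(S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
}

/* 1 if path is a char device with world read or write, 0 if it is a char
 * device without them, -1 if it is missing or not a char device. */
int check_device_node(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISCHR(st.st_mode))
        return -1;
    return world_accessible(st.st_mode);
}

/* 1 if the calling uid can open the node read-write, 0 otherwise. This is
 * the access check the kernel really applies: DAC bits plus any MAC policy. */
int can_open_rw(const char *path)
{
    int fd = open(path, O_RDWR);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

int main(void)
{
    printf("running as uid %d\n", (int)getuid());

    int world = check_device_node(EXYNOS_MEM_NODE);
    if (world < 0) {
        printf("%s: missing or not a char device\n", EXYNOS_MEM_NODE);
        return 0;
    }
    printf("%s mode: %s\n", EXYNOS_MEM_NODE,
           world ? "WORLD-ACCESSIBLE (vulnerable as shipped)" : "restricted");
    printf("open(O_RDWR) as uid %d: %s\n", (int)getuid(),
           can_open_rw(EXYNOS_MEM_NODE) ? "succeeds" : "denied");

    /* The fix is a mode change on the node, which needs root to apply. */
    if (world && getuid() == 0) {
        struct stat st;
        if (stat(EXYNOS_MEM_NODE, &st) == 0 &&
            chmod(EXYNOS_MEM_NODE, hardened_mode(st.st_mode)) == 0)
            printf("set owner-only mode %04o\n", (unsigned)hardened_mode(st.st_mode));
        else
            printf("chmod failed: %s\n", strerror(errno));
    }
    return 0;
}
```

Run it as an unprivileged user (an app's shell, or adb shell without su): on an affected firmware it reports the node as world-accessible and the open as succeeding; after a permission fix the open is denied with EACCES. Two caveats from the thread itself apply: the S3 camera stack uses this node, which is why the XDA fix toggles the mode rather than setting it once, and a chmod on a live node is not a kernel fix, so the next firmware flash or a udev/init rule can put the 0666 mode straight back.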
  15. Re:Great by mrbester · Score: 3, Informative

    Kies is the biggest pile of bloated crapware since Norton.

    --
    "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
  16. Another illegal patent expropriation from Apple by gelfling · Score: 2, Funny

    Tim Cook needs to sue them for that one.

  17. Re:security hole? by countach · Score: 5, Informative

    Err, because any app you download can p0wn your phone?

  18. Re:security hole? by nedlohs · Score: 3, Informative

    Because some random app could subvert the permissions it was granted at install and do whatever the hell it wants?

  19. Re:Huge Security Hole Has Been there all Along by Koutarou · Score: 2

    The absolute worst case would be to use the elevated access to leverage the superbrick bug (another hole out in the wild on the majority of Exynos-based phones) and permanently damage the eMMC chip, which requires a system-board replacement to revive the phone.

  20. Re:security hole? by pepsikid · Score: 2

    It's a considerable "security issue" because it may provide a vector through which you could install any app, ringtone, mp3, wallpaper, etc., that you did not buy from the manufacturer (thinking of currently un-rootable devices here). You could disable un-installable apps your mfgr wants you to have. You could inspect and monitor your phone's memory and data transactions in such detail as to learn what information your mfgr, or installed apps, harvests from your activity. Heavens, you could finally back up and restore your phonebook from a device with a disabled data port. Enable wifi without a $15/mo service plan! Download your cameraphone pics and videos without using up some of your data ration! Or install a cut-and-paste extension! Freedom is dangerous! Samsung cannot ensure the 'highest customer experience' if the customer can shop around! Or some hog-swill like that.

    Disclosure: worked for Samsung Wireless. They're evil.

  21. Re:Huge Security Hole Has Been there all Along by SirJorgelOfBorgel · Score: 2

    This is not a hardware design flaw. Whatever makes you think that? The reason it affects so many Exynos4 devices is because the exploitable code is present in the main code they base most Exynos4 Android firmwares on. It's certainly fixable by Samsung.

  22. Re:Great by myowntrueself · Score: 2

    The SGS is pretty much brick proof, even if you screw up the simple root instructions.

    Currently running over clocked (Semaphore) CM 10 JVT with no problems.

    Brick proof until the USB connector dies part way through an update. Just had that happen, brand new SGS, started to root it, failed, couldn't connect on USB again. Took it back and got a replacement though. I did read somewhere that the USB connectors on these can be dodgy.

    --
    In the free world the media isn't government run; the government is media run.