Huge Security Hole In Recent Samsung Devices
An anonymous reader writes "A huge security hole has been discovered in recent Samsung devices including phones like the Galaxy S2 and S3. It is possible for every user to obtain root due to a custom faulty memory device created by Samsung." The problem affects phones with the Exynos System-on-Chip.
This only affects the international S3; the US LTE version uses a Snapdragon CPU.
The problem is that this hole will allow any app to read or write to any of the memory, allowing trojans.
Have you read my blog lately?
Instead of considering that "security hole" a "security hole", consider it as a "feature".
Just root the damn thing and unlock it !!
Muchas Gracias, Señor Edward Snowden !
The Google ad on the page for TFA states "Root Any Android Device In 1 Touch! Easy To Use Automatic Root Software". Talk about context-sensitive ads!!
Looks like someone has a quick fix out. It's an app that sets the perms on the file properly, but it does cause problems with the camera on the S3. The app lets you toggle the permissions on and off so you can still use your camera if you wish. I haven't tried it as I don't have a phone with the hole, but the XDA guys are pretty reputable: Here it is. Certainly can't complain about the open source community on something like this, although it would have been nice if he reported it to Samsung a little in advance of the release of the problem.
You should be able to put it into a raw download (hold Vol up + Vol down in off state while plugging USB into it) mode and use Heimdall, where you can flash a complete image over it. Poke around for it, it's a fairly easy phone to root, and you'll be much happier with JB on it.
I want to like my iPhone, but Android is just SO OPEN.
Damn that was vague.
If by 'vague', you mean 'detailed', then yes, it was. 8^)
Could you maybe explain what kind of bad things they can do without permission?
The most damning bit of code is this:
    #ifdef CONFIG_EXYNOS_MEM
        [14] = {"exynos-mem", S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH, &exynos_mem_fops},
    #endif
Basically, it says, "Aw heck, write whatever you like to any memory address anywhere. I mean, we're all friends here. Right?"
Effectively, any installed app can ignore pretty much every single security setting on the phone and do whatever it likes to the running system. Worse, this could be coupled with a vulnerability in an otherwise well-intentioned app to create a remote root exploit.
On the WTF scale, this ranks with the 2008 Debian SSL hole in terms of rank stupidity.
Crumb's Corollary: Never bring a knife to a bun fight.
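A defender-side check for the mode bits in the devlist entry quoted above, added here as an example and not taken from the thread or from Samsung's kernel: it lists device nodes in a directory that every UID may write. The function names and the allowlist of nodes that are world-writable by design are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Mode from the quoted devlist entry: read/write for user, group and other (0666). */
#define EXYNOS_MEM_MODE (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)
/* Assumed allowlist of nodes that are world-writable by design; adjust per platform. */
static const char *const ALLOWED[] = { "null", "zero", "full", "random",
                                       "urandom", "tty", "ptmx", NULL };

int is_allowlisted(const char *name)
{
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strcmp(name, ALLOWED[i]) == 0)
            return 1;
    return 0;
}

/* 1 if the node is a char/block device writable by every UID and not allowlisted. */
int flag_node(const char *name, mode_t mode)
{
    if (!S_ISCHR(mode) && !S_ISBLK(mode))
        return 0;                      /* files, directories, symlinks are skipped */
    return (mode & S_IWOTH) != 0 && !is_allowlisted(name);
}

/* Scan one directory (not recursive); returns flagged node count, -1 on error. */
int audit_dev_dir(const char *dir)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    int flagged = 0;
    if (d == NULL) return -1;
    while ((e = readdir(d)) != NULL) {
        char path[4096];
        struct stat st;
        int n = snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (n < 0 || n >= (int)sizeof path || lstat(path, &st) != 0)
            continue;                  /* over-long path or vanished entry */
        if (flag_node(e->d_name, st.st_mode)) {
            printf("%s mode %04o: writable by every UID\n", path, (unsigned)(st.st_mode & 07777));
            flagged++;
        }
    }
    closedir(d);
    return flagged;
}
int main(void) { return audit_dev_dir("/dev") > 0; }
```

Since each Android app runs under its own UID, a node flagged here is reachable from every installed app, which is why the "other" write bit is the one tested.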
The way the summary is worded makes it sound like a user having root is a security exploit ...
The Cleaner is correct. In the case of Android, each application is considered a separate user. That's how applications are sandboxed away from each other. This way, an application only has access to its own files (which reside in its home folder). An application only has access to its own SQLite database instances (which again reside only within its own home folder; since SQLite is file-based, this arrangement works). With its own userid, an application can only access its own process and its own data. Etc.
In other words, Android is an operating system built on top of another operating system and Android doesn't try to completely reinvent the wheel when it comes to security.
Err, because any app you download can p0wn your phone?
On smartphones, local exploits matter because they mean apps can gain more permissions than they are supposed to have. (This is a much smaller problem on desktops because people don't tend to install programs on desktops anywhere near as much.)
You've never seen a user click blindly through ActiveX install warnings if you think Desktop users rarely install software.
They can test all they want, but there will be bugs. The trick is to have support in place to patch quickly. Most open source software is very good this way, but most commercial stuff is way behind.