Replicant OS Developers Find Backdoor In Samsung Galaxy Devices

An anonymous reader writes "Developers of the Free Software Foundation-endorsed Replicant OS have uncovered a backdoor through Android on Samsung Galaxy devices and the Nexus S. The research indicates the proprietary Android versions have a blob handling communication with the modem using Samsung's IPC protocol and in turn there's a set of commands that allow the modem to do remote I/O operations on the phone's storage. Replicant's open-source version of Android does away with the Samsung library to fend off the potential backdoor issue."

Re:Third-party ROMs

[dos1]

Most of the popular ROMs are made using the very same closed drivers the article is talking about to provide hardware compatibility - otherwise they would be exactly where Replicant is now.
Any third-party ROM for Galaxy devices that uses Samsung's library to communicate with the modem is vulnerable - so almost all of them are, including CyanogenMod.

RMS was right

This is what you get for essentially renting a a black box with audiovideo and communication capability and letting 3rd parties control it fully: a personal tracker better than what the worst totalitarian regime could dream. There is no reason why operating systems or essential drivers should be shipped as binary blobs, not this day and age, not after the NSA revelations.

Re:OTA updates

[bug1]

This is part of their undocumented protocol for communication with the modem. Modem can ask to read or write some file on disk using ...

And "undocumented protocol for communication" is different than a Backdoor how ?