Slashdot Mirror


Replicant OS Developers Find Backdoor In Samsung Galaxy Devices

An anonymous reader writes "Developers of the Free Software Foundation-endorsed Replicant OS have uncovered a backdoor through Android on Samsung Galaxy devices and the Nexus S. The research indicates the proprietary Android versions have a blob handling communication with the modem using Samsung's IPC protocol and in turn there's a set of commands that allow the modem to do remote I/O operations on the phone's storage. Replicant's open-source version of Android does away with the Samsung library to fend off the potential backdoor issue."

7 of 126 comments

  1. Re:OTA updates by supertall · Score: 5, Informative

    Actually, the article states that Cyanogenmod uses the same blob as well.

  2. Re:OTA updates by dos1 · Score: 5, Interesting

    This is part of their undocumented protocol for communication with the modem. The modem can ask to read or write some file on disk using IPC_RFS_READ_FILE, IPC_RFS_WRITE_FILE, IPC_RFS_LSEEK_FILE, IPC_RFS_CLOSE_FILE, etc. messages and the library will happily do that for the modem. It's hardly unintended.

  3. Re:OTA updates by Anonymous Coward · Score: 5, Funny

    "Nuts!" said the NSA. "Now we'll have to use one of our 12 other methods!"

  4. Re:How remote is remote? by dos1 · Score: 5, Informative

    The modem can ask the APU app to write/read selected files and do some other file system operations. Why would the modem want to read/write arbitrary files on the user's file system and what and how could invoke such behavior of the modem? The answer is up to your imagination.

    Well, in fact many other phones don't need any backdoor to do the same, as lots of them have modems directly connected to main RAM, exposing it to monitoring or even manipulation by the closed and strictly secured modem firmware.

    That's why projects like Neo900 opt for clear APU<->modem separation as host<->peripheral, together with power and antenna usage monitoring and a fully free software stack on the APU side.

  5. Re:Third-party ROMs by dos1 · Score: 5, Insightful

    Most of the popular ROMs are made using the very same closed drivers the article is talking about to provide hardware compatibility - otherwise they would be exactly where Replicant is now.
    Any third-party ROM for Galaxy devices that uses Samsung's library to communicate with the modem is vulnerable - so almost all of them are, including CyanogenMod.

  6. RMS was right by Anonymous Coward · Score: 5, Insightful

    This is what you get for essentially renting a black box with audio/video and communication capability and letting 3rd parties control it fully: a personal tracker better than what the worst totalitarian regime could dream. There is no reason why operating systems or essential drivers should be shipped as binary blobs, not in this day and age, not after the NSA revelations.

  7. Re:No contract, wifi-only by Charliemopps · Score: 5, Informative

    No. The modem can write to your OS. Anyone can communicate with your modem, even Ham radio operators. Granted, exploiting this would be a huge technological challenge... unless of course this was placed there intentionally and they know exactly what to send to your modem to get it to do what they want.