Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

New Vulnerability Exposed In Samsung’s Android Devices

A new vulnerability in Exynos 4-powered devices, which include the Samsung’s Galaxy S2 and Galaxy S3 devices, was discovered by a XDA forum developer while recently rooting his Android phone.

The flaw affects to both Android tablets and handheld devices running different versions of Android including 2.x, 4.0, and 4.1.

A new vulnerability in Exynos 4-powered devices, which include the Samsung’s Galaxy S2 and Galaxy S3 devices, was discovered by a XDA forum developer while recently rooting his Android phone.

The flaw affects to both Android tablets and handheld devices running different versions of Android including 2.x, 4.0, and 4.1.

The worry is that while these are local vulnerabilities, the ability to target them remotely is available given that the full source code for the exploits has been released. Most of the devices are consumer based, but that doesn’t mean that corporate employees are not using them at the office for work. Admittedly the threat and risk is a stretch, but the fact that the vulnerability sits Kernel side and shipped with the units makes it a viable attack surface.

“The flaw is a ‘Privilege Escalation’ vulnerability that exists in the drivers used by the camera and multimedia devices,” Ohad Bobrov, CTO and co-founder of Lacoon Security told SecurityWeek via email. “By exploiting this vulnerability, the attacker can bypass the Android’s permission model and ultimately access various files and sensitive information on the device.”

According to the developer notes, the issue has been confirmed “on any Exynos4-based device” including the Samsung Galaxy S2 (GT-I9100) and Galaxy S3 (GT-I9300 & LTE GT-I9305), the Galaxy Note (GT-N7000), Galaxy Note 2 (GT-N7100), Verizon’s Galaxy Note 2 (SCH-I605) with locked bootloaders, the Galaxy Note 10.1 GT-N8000, and the Galaxy Note 10.1 GT-N8010.

“The good news is we can easily obtain root on these devices and the bad is there is no control over it,” the developer who discovered the flaw explained.

Unfortunately, he added, the downside also means that attackers can download data from the system’s RAM, “kernel code injection and [other types of code injection] could be possible via app installation from Play Store.”

“It certainly exists many ways to do that but Samsung give an easy way to exploit. This security hole is dangerous and expose phone to malicious apps. Exploitation with native C and JNI could be easily feasible.”

Advertisement. Scroll to continue reading.

Another developer chimed in on the security risks and noted that any application “can use [the vulnerability] to gain root without asking and without any permissions on a vulnerable device…” adding that a fix was needed ASAP.

SecurityWeek has reached out to Samsung for comments and reactions. We’ll update this story as soon as we hear from them. In the meantime, there is a stop-gap fix available from another developer, the details of which are here.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.