Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

New Vulnerability Exposed In Samsung’s Android Devices

A new vulnerability in Exynos 4-powered devices, which include the Samsung’s Galaxy S2 and Galaxy S3 devices, was discovered by a XDA forum developer while recently rooting his Android phone.

The flaw affects to both Android tablets and handheld devices running different versions of Android including 2.x, 4.0, and 4.1.

A new vulnerability in Exynos 4-powered devices, which include the Samsung’s Galaxy S2 and Galaxy S3 devices, was discovered by a XDA forum developer while recently rooting his Android phone.

The flaw affects to both Android tablets and handheld devices running different versions of Android including 2.x, 4.0, and 4.1.

The worry is that while these are local vulnerabilities, the ability to target them remotely is available given that the full source code for the exploits has been released. Most of the devices are consumer based, but that doesn’t mean that corporate employees are not using them at the office for work. Admittedly the threat and risk is a stretch, but the fact that the vulnerability sits Kernel side and shipped with the units makes it a viable attack surface.

“The flaw is a ‘Privilege Escalation’ vulnerability that exists in the drivers used by the camera and multimedia devices,” Ohad Bobrov, CTO and co-founder of Lacoon Security told SecurityWeek via email. “By exploiting this vulnerability, the attacker can bypass the Android’s permission model and ultimately access various files and sensitive information on the device.”

According to the developer notes, the issue has been confirmed “on any Exynos4-based device” including the Samsung Galaxy S2 (GT-I9100) and Galaxy S3 (GT-I9300 & LTE GT-I9305), the Galaxy Note (GT-N7000), Galaxy Note 2 (GT-N7100), Verizon’s Galaxy Note 2 (SCH-I605) with locked bootloaders, the Galaxy Note 10.1 GT-N8000, and the Galaxy Note 10.1 GT-N8010.

“The good news is we can easily obtain root on these devices and the bad is there is no control over it,” the developer who discovered the flaw explained.

Unfortunately, he added, the downside also means that attackers can download data from the system’s RAM, “kernel code injection and [other types of code injection] could be possible via app installation from Play Store.”

“It certainly exists many ways to do that but Samsung give an easy way to exploit. This security hole is dangerous and expose phone to malicious apps. Exploitation with native C and JNI could be easily feasible.”

Another developer chimed in on the security risks and noted that any application “can use [the vulnerability] to gain root without asking and without any permissions on a vulnerable device…” adding that a fix was needed ASAP.

SecurityWeek has reached out to Samsung for comments and reactions. We’ll update this story as soon as we hear from them. In the meantime, there is a stop-gap fix available from another developer, the details of which are here.

Written By

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...