Serious Vulnerability Leaves Samsung Exynos Powered Devices Open To Data Wipes, Bricking
Developers have discovered a serious vulnerability with Samsung’s Exynos-powered smartphones — including its latest Galaxy S III and Galaxy Note II devices — that can provide attackers with access to all physical memory. The flaw leaves the handsets open to malicious apps that can access a user’s personal data, completely wipe their data, or worse, brick their handset.
The flaw was discovered by ‘Alephzain’ of the XDA Developers forum, who has tested it on a Galaxy S III. However, he insists the vulnerability is present in other Samsung devices, and even third-party handsets that utilize an Exynos processor.
A senior moderator at XDA, who calls himself ‘Chainfire’, has created an APK that successfully takes advantage of the exploit to gain root privileges and install the SuperSU app “on any Exynos4-based device.” According to his post, handsets compatible with the exploit include:
Samsung Galaxy S2 GT-I9100, Samsung Galaxy S3 GT-I9300, Samsung Galaxy S3 LTE GT-I9305, Samsung Galaxy Note GT-N7000, Samsung Galaxy Note 2 GT-N7100, Verizon Galaxy Note 2 SCH-I605 (with locked bootloaders), Samsung Galaxy Note 10.1 GT-N8000, and the Samsung Galaxy Note 10.1 GT-N8010.
If your handset’s on this list, there’s no need to panic just yet. It’s worth noting that there is currently no known Android malware that uses this particular vulnerability. What’s more, other Exynos-based devices are not compatible. The Nexus 10, for example, which employs an Exynos 5 processor, is not at risk.
Another XDA member, ‘Supercurio’ has released an “instant fix” for the vulnerability while we await an official response from Samsung. It’s called Project Voodoo, and it requires no root access. It will, however, disrupt the functionality of your handset’s front-facing camera, but you can toggle the fix on and off when necessary.
To find out more about the exploit, head on over the the discussion on the XDA Developers forum by hitting the source link below.Related