16 Dec

There's some disturbing news today on the Android security front: a vulnerability has been discovered in Samsung's Exynos 4-powered devices. While the related exploit is useful for the mod scene in that it can be harnessed to gain superuser permissions and root pretty much any device running on an Exynos 4 chip, it also has some rather disturbing implications. According to the XDA member with the handle "alephzain", who developed the exploit, this security hole can also grant an app access to all physical memory on a given device - basically, anything stored in RAM is fair game. The kernel's memory device node, /dev/exynos-mem, is left wide open, apparently so that various camera-related functions can access it.

The exploit bypasses system permissions at the kernel level, taking advantage of the open read/write permissions on that kernel device node. Affected devices potentially include anything running an Exynos 4210 or 4412 processor, including the international models of the Galaxy SII and SIII, the Galaxy Note and Note II, Galaxy Tab 7.7, Galaxy Note 10.1, and various devices from Meizu, Lenovo, and smaller Asian manufacturers. Most U.S. Samsung models equipped with LTE, including the Galaxy S III for all four major carriers, are not affected.

If it sounds like we're making a big deal about this, that's because it is a big deal. For some reason, when Samsung's software department created the kernels for these two series of processors, they elected to leave the node's read/write permissions open to every app. Theoretically, any app could gain root access to an affected device without any user-facing alert, or even a reboot. While some have speculated that this is to enable wider access for Samsung's own internal apps, this seems unlikely, and in any case would be a poor reason for doing so.
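A defender-side check for the misconfiguration described above, added here as an example; it is not code from the article, from alephzain's exploit or from Chainfire's app. It inspects the permission bits on memory-backed device nodes (the article's /dev/exynos-mem, plus /dev/mem and /dev/kmem as the general Linux equivalents, an assumed list) and flags any that grant read or write to every user, which is the condition that lets an unprivileged app reach physical memory. The `restrict_node` helper is an assumption for illustration of the remediation. Only POSIX sh, ls and chmod are used, so it runs in an adb shell as well as on a desktop.

```shell
#!/bin/sh
# Added example, not code from the article, alephzain or Chainfire.
# Audits memory-backed device nodes for "world" read/write bits, the
# misconfiguration the article describes for /dev/exynos-mem, and can
# tighten a node's mode. Assumes only POSIX sh plus ls/chmod.

# world_perms FILE: print the "other" permission triplet of FILE, e.g. "rw-"
# (columns 8-10 of the ls -l mode string; empty if FILE does not exist)
world_perms() {
  ls -ld "$1" 2>/dev/null | cut -c8-10
}

# is_world_rw FILE: succeed (exit 0) if anyone on the device can read or
# write FILE; on a node that maps physical memory that is the whole problem
is_world_rw() {
  case "$(world_perms "$1")" in
    *r*|*w*) return 0 ;;
    *)       return 1 ;;
  esac
}

# audit_mem_nodes [NODE...]: report each existing node that is world-accessible.
# Exit 0 if at least one was found, 1 if none. The default list is constructed:
# /dev/exynos-mem is the node named in the article; /dev/mem and /dev/kmem are
# the classic Linux physical/kernel memory nodes.
audit_mem_nodes() {
  [ $# -eq 0 ] && set -- /dev/exynos-mem /dev/mem /dev/kmem
  found=1
  for n in "$@"; do
    [ -e "$n" ] || continue
    if is_world_rw "$n"; then
      echo "WORLD-ACCESSIBLE: $n $(ls -ld "$n" | cut -c1-10)"
      found=0
    fi
  done
  return $found
}

# restrict_node FILE (hypothetical helper): drop all group/other access
# (mode 0600). Needs root; software that relied on the open node may stop
# working, so test the effect rather than applying it blindly.
restrict_node() {
  chmod 600 "$1"
}

# Usage, run as root on the device or in an adb shell:
audit_mem_nodes || echo "no world-accessible memory nodes found"
```

The check reads the mode string rather than calling `stat`, because `stat` flags differ between GNU coreutils and the minimal toolboxes found on Android builds; the owner and group bits are deliberately ignored, since the risk the article describes comes from the "other" triplet alone.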

Well-known XDA member "Chainfire" has released an APK that will root an affected device and patch the vulnerability. You can download it from the first XDA link below. Root is not required, but if your device is not rooted already, it will be after using the app. This could void your warranty, but it would also make your Exynos 4-powered device measurably safer. According to Chainfire, Samsung has been made aware of the issue. Android Police has also contacted Samsung's PR department. They had not issued a statement at the time of writing.

XDA Developers - ExynosAbuse APK v1.10 (Chainfire)

XDA Developers - Root Exploit on Exynos (alephzain's documented exploit)

Thanks to Debadatta and shojus for the tips!

Jeremiah Rice
Jeremiah is a US-based blogger who bought a Nexus One the day it came out and never looked back. In his spare time he watches Star Trek, cooks eggs, and completely fails to write novels.
  • http://twitter.com/kn1ghth4wk241 Mike Daniels

    so fixing Samsung's problem will void my warranty

    seems legit

    also first

    • http://www.facebook.com/Shinakuma George Millhouse

      No, using a program from a NON-official source voids your warranty. That is your problem and not Samsung's if you don't wait for the official fix. And you weren't first, you 14 yr old child

      • http://twitter.com/RvLeshrac RvLeshrac

        What? No, that isn't "our problem." That's Samsung's problem. They released software with a GAPING FUCKING HOLE in it, they need to fix that shit yesterday. Not today. Not tomorrow. No fucking "testing" on it. There's a working fix that only breaks their shitty goddamned camera app, and they need to force it down to all affected devices NOW.

        • hot_spare

          Calm down. Nobody is happy when there is some security issue. Shouting in the forums will definitely not solve it.

          • http://twitter.com/RvLeshrac RvLeshrac

            Sounds like Millhouse up there is pretty happy with allowing massive security flaws to propagate.

      • coversnails

        Using a program from a non-official source doesn't void your warranty, there isn't even such a thing as an official source for apps. You void it by rooting your phone, nothing to do with what you install on it.

        • SickoPsycho

          Sounds like maybe Millhouse is part of the iherd...

    • SickoPsycho

      lmao. seems legit indeed.

  • aNYthing6

    Thank you for a proper headline -- this has more to do with Exynos than Android. *coughVergecough*

    • ssj4Gogeta

      How is it an Exynos exploit? From the article it seems it's a kernel (software) exploit.

      • Mike Reid

        Exploit of kernel driver for Exynos.

        No Exynos = no exploit.

        • ssj4Gogeta

          Actually, Exynos with fixed kernel = no exploit.
          By your logic, you could argue that this is an Android exploit, since no Android = no exploit.

          • faceless128

            this is an electricity exploit. no power = no exploit.

          • mgamerz

            This is a universe exploit. No universe = no exploit

  • Tim Kermode

    "but it would also make your Exynos 4-powered device measurably safer"

    How so?

    • http://www.facebook.com/nikhilkaduskar Nikhil Kaduskar

      By using the patch in Chainfire's app. It will root and patch the kernel. Quoting: "Well-known XDA member "Chainfire" has released an APK that will root an affected device and patch the vulnerability."

    • http://twitter.com/RvLeshrac RvLeshrac

      By not allowing any app you ever install via any source to root and brick your phone.

  • Jason Chuah

    are CM10 kernels (on an Exynos 4 device) affected by this exploit as well?

    • GazaIan

      I would assume all kernels that use the original sources (which is really all Exynos 4 kernels) are affected. Chainfire's patch is probably only for stock kernels, so I would recommend waiting for an update to your custom kernel before doing anything.

    • jbo1018

      You can bet if the vulnerability still exists in any custom kernels (Cyanogen etc.) it will be fixed in very short order.

    • Jason Chuah
  • http://www.facebook.com/vanhouse David VanHouse

    Your Chainfire link points to the original exploit page

    • http://www.androidpolice.com/ Artem Russakovskii

      Pinged Jeremiah, and he fixed it.

  • http://www.facebook.com/michaelgonzalez2012 Michael Gonzalez

    This wouldn't happen as often if we had vanilla Android

    • GazaIan

      This has absolutely nothing to do with software. It's a hardware exploit. The patch is a software patch, however. It's like putting newspaper over the hole in the wall.

      • Joel

        No, actually it's a software problem -- Samsung caused it by writing a kernel driver to support a lazy implementation of the camera.

      • jbo1018

        No, it's definitely a software exploit. It's just a hole in Samsung's software, NOT Android's.

  • Sergii Pylypenko

    This app works well on my Galaxy Note, highly recommend it :)
    Also I advise you to hold off updating ANY app, and disable auto-update in the Play Store, until Samsung releases a firmware patch for your device.

  • Ivailo Stoyanov

    It's not the first time we see how bad Samsung is at software. What were the devs thinking when leaving the RAM open for anyone to read/write?! It's like my phone is running Windows with no memory protection in the 90's when any application could do whatever the hell it wanted with the PC, including messing with the BIOS.

  • http://www.facebook.com/GabrielHellsing Gabriel Hellsing

    Gotta love living in Europe. Warranty isn't voided by rooting 8D

  • Dino Fancellu

    All hail Chainfire. What would we do without him?

  • Matthew Fry

    Good ole Chainfire. What an indispensable member of the Android development community.

  • Miss_Science

    Sounds like the perfect-storm for an all-time "worst hole in history" award.

    Can be implemented in any app you download, from the official store, or not.
    Gives full root access on the device without your knowledge.

    Affects 6 of the most popular million-seller devices on the market today.

    No fix known or released by Samsung.
    No announcement by Samsung if a fix will EVER be released.

    I'm sure there will eventually be a fix, but what if it's 1 month from now?
    This can mess up an awful lot of devices in 30 days. Or even in 3 days.

    • GazaIan

      What an awful time to win such an award, when they just won best phone of 2012.

  • Jeroen

    Chainfire from Amsterdam Holland..!!!

  • teeth

    But I am getting so much useful info from all my trusting downloaders, why did you expose this. Chainfire noooooooo. Well it was fun while it lasted.
