Posted by vitorcerq 2 years ago

Major vulnerability found in Exynos 4210 and Exynos 4412 devices


A Major vulnerability has been found on devices using Exynos 4 SoC and Samsung Kernel sources. The vulnerability was discovered by XDA-Developers’ forum member alephzain. The security flaw is actually in the kernel which makes the device R/W by all users, apps and gives access to full Physical Memory. In short, all Exynos 4 devices come pre-rooted directly from the manufacturers. We can give you one bad news and one good news about this discovery.

The bad news is that any application downloaded from the Google Play Store or installed manually can take FULL control of the device and cause permanent damage, even if the device is not rooted. XDA-Developers’ Elite Recognized Developer Supercurio is already working on an app which can patch this security hole and prevent apps from taking over the device, he will release the app soon on Google Play Store.

The good news is that with this security flaw rooting an Exynos 4 device has just got a lot easier. XDA-Developers’ Elite Recognized Developer Chainfire has already released an app called ExynosAbuse which can root a device with just a single click of a button. Now you don’t have to flash unsecure or pre-rooted kernels through odin/heimdall on your Samsung device, all can be done via an app.

Exynos 4210 devices:
- Samsung Galaxy Note GT-N7000
- Samsung Galaxy S2 GT-I9100
- AT&T Samsung Galaxy S2 GT-I777

Exynos 4412 devices:
- Samsung Galaxy S3 GT-I9300
- LTE Samsung Galaxy S3 GT-I9305
- Samsung Galaxy Note 2 GT-N7100
- LTE Samsung Galaxy Note 2 GT-N7105
- Samsung Galaxy Note 10.1 GT-N8000
- Samsung Galaxy Note 10.1 GT-N8010
- Meizu MX

(Source: XDA-Developers)

Related Posts:

13 comments on “Major vulnerability found in Exynos 4210 and Exynos 4412 devices

  1. gasterakos 2 years ago said:

    So.We will have a solution for this?Or our devices will be dead very sooner than normal time.This is a serious thing cause we have gave much money for those devices

    Report this comment

  2. skarpuk 2 years ago said:

    I love Samsung they slow and now big security holes, do not care have warranty or take legal action if something going wrong!

    Report this comment

  3. PepN 2 years ago said:

    Apple will love this!!

    Is there some firmware update that can fix this?

    Report this comment

  4. saykoshey 2 years ago said:

    Doesn’t have any relation to the Exynos SoC’s, it’s just a stupid fault in the Samsung kernel sources. Can easily be fixed by Samsung or by anyone with root access.

    Report this comment

  5. thesebastian 2 years ago said:

    At least i have fixed this today on my CM 10.1 unsupported build (S3 i9300). Thanks to codeworkx, xplod, and whole team hacksung. And thanks to the first releases of Insignal/origen board of Exynos 4.

    Report this comment

  6. Addled 2 years ago said:

    First their dogged and continued stubbornness when it comes to releasing binaries to xda developer community (arguably their biggest ally) and now this, a gaping vulnerability in their kernels (before this there was the USSD dialer venerability).

    Samsung management exude levels of brilliance not seen since the extinction of the dodo…

    Report this comment

  7. lowem 2 years ago said:

    Good thing it’s open source so it can be found and fixed. Can’t say the same thing about Apple’s stuff.

    Report this comment

  8. jayr8988 2 years ago said:

    IN SHOOOOOOOOORT BUY S4 … THAT’S WHAT THEY WANT… AND WHEN S5 COMES OUT ANOTHER MAJOR VULNERABILITY FOR S4 SO BUY S5…

    GET THE POINT?

    Report this comment

  9. sa71 2 years ago said:

    I believe Samsung will fix this promptly. Any kind of vulnerability can only ruin Samsung image and bring about decrease of consumers confidence. Samsung knows that and it will use this situation to show how prompt they are when it comes to customer care. If they do not do that, they risk very much when it comes to Android phone market.

    On the other hand, Samsung (maybe) wanted to shake up Android OS in order to make some room for their upcoming Tizen OS. They might have hoped that the blame would go on Google, rather than on Exynos and Samsung Kernel.
    Why would Samsung do that? Samsung might be mad because they did not get to manufacture the Nexus 4. Samsung is used to getting a lion share of Android phone market. Having LG in the game is something they do not like at all.

    I know, there is a lot of might-s and maybe-s, but as a former user of Bada, there must be some substantial amount of doubt that Samsung left in me.

    Report this comment

  10. polaris197 2 years ago said:

    I use exynosabuse to fix

    /dev/exynos-mem have the good right after and my camera works like before

    Galaxy s3 i9300 4.1.1 xef

    Report this comment

  11. gholaofme 2 years ago said:

    Ok… So maybe this is what happened to my S3… It fell down on September and lasted working a month and suddenly it just didn´t wanted to turn on, the official diagnose was the electric system was damaged and I had to pay for a new electric motherboard, approx $400…

    Report this comment

  12. gholaofme 2 years ago said:

    And the app works, in the latests firmware 4.1 it does not damages the camera

    Report this comment

  13. Pingback: Falha em smartphones Samsung dá acesso total a informações do usuário | Unders Tech

Leave a Reply






SamMobile
© 2014 SamMobile.com  |  About us  |  Contact  |  Privacy & Cookies  |  Find us on Facebook, Google+ and Twitter.
Partners: Androidworld.nl