Posted by Abhijeet M. 8 months ago

[Updated] Developers find security flaw that allows remote data access in Samsung’s Galaxy devices


Follow: Phones
samsung-logo-feature-4

The developers behind Replicant, a free and open source Android distribution (aka custom ROM/firmware) that attempts to replace proprietary Android components with free alternatives, claim to have discovered and close a backdoor in the software found on Samsung devices, including the Nexus S, Galaxy S, S2, and S3, and Galaxy Tab 2 10.1. According to Replicant devs, the proprietary program running on the devices’ processor and in charge of handling communication with the modem implements a backdoor that lets the modem read, write, and modify files on the device’s storage – if the modem, which also runs a proprietary program, is controlled remotely, it would be possible for someone to modify file storage contents without physical access to the device.

The backdoor was apparently discovered a few weeks ago, but is only now getting some attention from the media. The Free Software Foundation, where Replicant developers published their findings, makes the case that Samsung should release its proprietary software as free software without the backdoor, so that “Replicant doesn’t have to continue defusing the traps they have apparently left for their users,” and that Samsung Galaxy owners should appeal to Samsung publicly for an explanation to why this exists. 

Now, if I may be allowed to speculate, I really think this isn’t as big an issue as Replicant is making it out to be, since only Samsung has full access over the modem on its devices as it runs proprietary firmware code. It looks like a ploy on Replicant’s behalf to make Samsung publish the code for its modem/processor software – getting the modem on Samsung devices to work through free and open source alternatives on custom ROMs has been a major hurdle for developers in the past, so making a case about a security flaw on the modem’s software certainly reeks of a way to get Samsung to make things easier for the developers in the Replicant team.

Of course, I may be wrong, and I hope that Samsung makes the necessary changes if the security flaw is a serious one and puts user data at risk. We’ve reached out to Samsung for a statement, and we’ll be sure to update this post as and when we get one.

Update: Like we said, it seems the backdoor isn’t really something that is as bad as some would make it out to be. A security expert has confirmed to XDA that the proof-of-concept attack scenario was a bit misleading, and that it would require a modified firmware with security features disabled to exploit the modem into accessing data. Furthermore, Replicant team itself states that Android’s kernel security module would restrict the potential files the modem can access, and according to an XDA forum member, there is no evidence that the modem is controlled remotely and that the backdoor is possibly just a medium through which the modem software can write radio diagnostic files to the efs/root directory, where the radio/modem files are saved.

In short, this is one “security flaw” that you shouldn’t be worried about, and like we surmised, it looks more like a scheme to try and get Samsung to open source its modem files.

Related Posts:

  • No Related Posts

4 comments on “[Updated] Developers find security flaw that allows remote data access in Samsung’s Galaxy devices

  1. sad_but_cool1 8 months ago said:

    you must be wrong !! you don’t care if samsung can read/write any data on your device !!!!!!

    Report this comment

    • Abhijeet M. 8 months ago said:

      I do, but in this case, it’s a speculative scenario where Samsung *could* have remote access to the modem, which they most likely do not. The Replicant developers are also speculating that it could be an issue, so I’m not exactly jumping to conclusions yet.

      Report this comment

      • sad_but_cool1 8 months ago said:

        it’s not only samsung !!
        all modem vendors can access data , like ericsson and stmicroelectronics and ST-Ericsson and qualcomm and atheros and all gps vendors and all sensor vendors !!

        Report this comment

        • Abhijeet M. 8 months ago said:

          Exactly, but there’s no confirmation that they actively access this data for anything other than network-related data. It’s a backdoor, many of these can exist here and there, but since Replicant is only aiming at Samsung devices, I don’t believe there isn’t a hidden agenda here.

          Report this comment

Leave a Reply






SamMobile
© 2014 SamMobile.com  |  About us  |  Contact  |  Privacy & Cookies  |  Find us on Facebook, Google+ and Twitter.
Partners: Androidworld.nl
Close