Samsung Galaxy III smartphone vulnerability leaves millions open to malware

A member of the XDA Developers forum, who goes by the handle “alephzain,” said that an issue with the smartphones’ kernel is to blame. Essentially, a Samsung Play Store app could potentially inject malicious code directly into the kernel and compromise information stored in the phone’s RAM. After gaining access to physical memory through the app, attackers could steal user data, or could go the trickster/ransomware route, wiping data and bricking devices.

Samsung has sold more than 30 million Galaxy S III and more than 5 million Galaxy Note II handsets in the past year, so the vulnerability could have widespread consequences. And to boot, the issue is not limited to those devices: it also exists on the Samsung Galaxy S II, the Meizu MX, and maybe other devices that feature the Exynos processor and Samsung kernel sources.

“The good news is we can easily obtain root on these devices,” alephzain said. “The bad is [that] there is no control over it.”

One of the forum moderators, Chainfire, said that he has notified Samsung…but in the meantime has created an APK file, ExynosAbuse, that weaponizes the vulnerability to gain root privileges “on any Exynos4-based device.”

Another developer, Supercurio, took a more responsible route, issuing an “Instant Fix App” for the vulnerability, with no root required.

“Unfortunately…a working exploit with complete source code [has been released] before the various vendors affected (Samsung, Meizu and surely others) were made aware of it, leading to a severe security issue without accessible fix for now,” said Supercurio in a blog post. “I wrote then an application to circumvent the issue while manufacturer patch the security hole and publish OTA updates [sic]”.

Samsung has had issues with other hardware as well recently. Researchers at ReVun have identified a vulnerability in the Linux-based Samsung LED 3D TVs that would allow hackers to hijack the company’s smart TVs to retrieve sensitive information, and monitor and root the device itself.

What’s hot on Infosecurity Magazine?