Exynos 4-Based Devices including Galaxy S3 and Galaxy Note 2 Vulnerable to Hack

Devices running Samsung’s Exynos 4-based processors (4210 and 4412), including the Galaxy S III and Galaxy Note II, have been shown to be vulnerable to a hack with potentially serious ramifications. A developer on the XDA Developers forum, @alephzain, uncovered the vulnerability, which could give a malicious app the ability to wipe data, brick a device or access a user’s data without their knowledge.

Vulnerable devices appear to include any device that runs the Exynos 4-based designs coupled with Samsung’s kernel sources. This means that devices such as the Meizu MX are also vulnerable to the same exploit, along with other Samsung devices. Although no known software uses the exploit maliciously, a senior moderator on the XDA Developers forum, @Chainfire, has written an APK that exploits the loophole to gain root privileges “on any Exynos 4-based device.”

Another programmer, @Supercurio, has released a quick fix through Project Voodoo that closes the hack. However, it will depend on Samsung to ensure that the gaping security hole is properly closed. XDA Developers have contacted Samsung about the matter and report that the company is aware of the issue. However, Samsung had yet to publicly acknowledge the issue at the time of writing.

Via: Electronista

Update 1/03/2013:

Samsung Galaxy S III security fix reportedly rolling out to UK users

On 2nd January, Samsung pushed a software update (I9300XXELLA) to the Galaxy S III, and we can confirm that the new software update fixes the infamous Exynos 4 vulnerability. The security flaw was in the kernel, which made the device readable and writable by all users and apps and gave access to full physical memory. In short, this vulnerability gave root permissions to *any* app and there was no control over it, but with the new system update the security hole has been patched.
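As an added example (not part of the original article or of any Samsung or XDA code), the following audit flags device nodes that every user can read or write, which is the class of misconfiguration described above. The allowlist, function names and the `/dev/example-mem` placeholder node are assumptions made for illustration.

```python
import os
import stat

# Nodes that are world-accessible by design on typical Linux/Android systems
# (assumed allowlist; adjust it for the platform being audited).
EXPECTED_WORLD_NODES = frozenset({
    "/dev/null", "/dev/zero", "/dev/full", "/dev/random",
    "/dev/urandom", "/dev/tty", "/dev/ptmx",
})

def world_access(mode):
    """Return 'r', 'w', 'rw' or '' for the access that 'other' users get on a
    character or block device node; anything that is not a device returns ''."""
    if not (stat.S_ISCHR(mode) or stat.S_ISBLK(mode)):
        return ""
    return ("r" if mode & stat.S_IROTH else "") + ("w" if mode & stat.S_IWOTH else "")

def audit_entries(entries, allowlist=EXPECTED_WORLD_NODES):
    """entries: iterable of (path, st_mode). Returns sorted (path, access, perms)
    tuples for device nodes open to all users that are not on the allowlist."""
    findings = []
    for path, mode in entries:
        access = world_access(mode)
        if access and path not in allowlist:
            findings.append((path, access, stat.filemode(mode)))
    return sorted(findings)

def scan_dev(root="/dev"):
    """Collect (path, st_mode) for entries under root without following symlinks."""
    entries = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                entries.append((path, os.lstat(path).st_mode))
            except OSError:
                continue  # node vanished or cannot be inspected
    return entries

# Constructed sample: /dev/example-mem is a hypothetical placeholder for a
# physical-memory node left world read/write, as the article describes.
SAMPLE = [
    ("/dev/null", stat.S_IFCHR | 0o666),
    ("/dev/example-mem", stat.S_IFCHR | 0o666),
    ("/dev/mem", stat.S_IFCHR | 0o640),
    ("/dev/block/sda", stat.S_IFBLK | 0o660),
]

if __name__ == "__main__":
    for finding in audit_entries(scan_dev()):
        print(*finding)
```

Run on a device or build image, any finding that maps memory or hardware registers should be restricted to a dedicated owner and group rather than left open to all apps.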

We believe that the new system update also fixes the sudden death issue, as the new firmware ships with brand new bootloaders, and this is the first time Samsung has updated the device’s bootloaders since it started shipping back in May 2012. However, we can’t confirm whether the sudden death issue has been resolved, as Samsung is the only one who can confirm the fix.

For now, the new software update is only available for the United Kingdom (BTU), but we expect other countries to follow soon. We would urge Galaxy S III users to immediately update their device to the latest firmware via Kies or OTA (Over-The-Air).

    Official Firmware Details:
    Android Version: 4.1.2 – Build JZO54K
    PDA: I9300XXELLA
    CSC: I9300OXAELLA
    MODEM: I9300XXELLA
    Build Date: 22-12-12
    Change list: 742798

Source: Sam Mobile
