Samsung mobes pwned by ANY APP, thanks to chip code hole

A member of an XDA developers forum who calls him-or-herself Alephzain claims to have found a flaw in several Samsung handsets and tablets that could allow attackers to enjoy full access to their RAM. Alephzain posted news of the embarrassing bug here, stating: “The security hole is in [the] kernel, exactly with the device /dev/ …

COMMENTS

This topic is closed for new posts.
MrT
Bronze badge

Chainfire...

... knows his stuff.

What's more worrying is they are finding an increased number of handsets vulnerable to this - and it works on stock unrooted kit, i.e. no unlocked bootloaders, and therefore presumably won't even trip the onboard root detection.

3
0
Thumb Up

Re: Chainfire...

Yes, shame it was not reported as accurately in the media.

The issue is not with the actual chip or chips but with the customised kernel Samsung use, and with that it is the classic case of having a memory device driver with full world permissions. So you could fix it with chmod, though it may break some other things like the camera. Depends upon how well coded they made those dependents.

When people want root they complain when they can't get it, and when it's handed to them on a plate, well, they moan. Still pretty sloppy of Samsung to mess up something like file permissions, and if anything indicative of how well they audit their phones for security. This is pretty much a schoolboy-error level of mistake on Samsung's part.

Still those worried can easily install a 3rd party ROM now, so win win.

1
0
Anonymous Coward

Re: Chainfire...

No it's sloppy and unacceptable.

0
0
Anonymous Coward

Re: Chainfire...

Yeah, like how many people could / would actually install a 3rd party ROM - I'd guess less than 1%.

1
2
Anonymous Coward

Re: Chainfire...

"Yeah, like how many people could / would actually install a 3rd party ROM - I'd guess less than 1%."

And I guess 100% of people can / will install a 3rd party ROM.

Guesses with no basis in fact are completely useless.

1
1
Gimp

I have a Galaxy Note, and this is not good news. I'm pretty pissed off. Is it because I expected better?

3
0
Anonymous Coward

Welcome to the IT world; a tip for a newcomer: don't get pissed off until the vendor says that they won't fix it because the product has entered its end-of-life cycle.

5
0
Anonymous Coward

Did you really think Samsung were a quality brand who really love Android? Why are they funding Tizen and have Bada as well then?

They're into the Android market to make money, plain and simple. Unfortunately that means that security isn't their concern, they leave that to Google to sort out.

2
11
Stop

You make it sound like there is any large corporation out there who is in [their respective business] because they love [you | your feelings | your security | your whatever], not because they want to make buckets of money.

4
0
Bronze badge

Don't hold your breath

Many of us with the "Epic 4G" version of the Galaxy SII still have unresolved issues with the phone after over a year. GPS radio dies, cell radio dies, Bluetooth dies, WiFi/3G/4G goes to sleep while in use, the notification light doesn't work, it destroys batteries, and the soft keys don't always work. The camera works well but forget about using it as a phone or data device. Samsung repair says it "passes all tests", even when they have returned it to me dead, and Sprint has never been more helpful than removing bad software patches installed by Samsung.

1
0
Anonymous Coward

Re: Don't hold your breath

... and you are surprised?

0
0
Alert

Headline is flawed

It's not a flaw in the System-On-Chip, it's a flaw in the security rights given to Samsung's device driver that interfaces with the SOC's memory. It's fixable with a simple software patch. Unfortunately Samsung are terrible at getting software patches out, and suddenly they have loads to issue.

10
1
Silver badge

Re: Headline is flawed

All 'operating systems' have flaws, some more than others and some patch easier than others, but we get used to the idea that every so often (and that is usually <= month) we get some minor update to fix problems and close vulnerable orifices.

It is just a shame that phones, which now run as full an operating system as one could imagine, seem so utterly crap at being updated. Not just that the manufacturers don't seem to care much (thinking of you, HTC), but even when they do offer a patch it is often of the "save your settings and factory wipe the phone" sort. The sort of brain-dead approach when Windows 95, etc, got upset all those years ago.

Why have they not learned from desktop OS that patching is, sadly, inevitable so make it something that is easy and (normally) automatic?

Yes, I know of diverse hardware, but that is something that should be well within the capabilities of the manufacturer to have automated build/test setups. And yes, I know of the crapware some telcos add to a phone, but again that should be unimportant for OS patches as that is stuff that (should) run on top of the core OS.

5
0

Re: Headline is flawed

Patches on my Nexus 7 and Galaxy S running Cyanogenmod are no-wipe and easy enough. For Cyanogenmod I just use the Cyandelta app, which downloads the difference between the current build and the last one I installed. The Nexus 7 just notifies and downloads an over-the-air update. Both require a reboot but that's about all.

1
0
(Written by Reg staff) Silver badge

Re: Headline is flawed

We like to keep things lively and punchy, and sometimes headlines need to keep things simple to work. But I've tweaked it anyway.

I'd like to think the article quickly explains the location of the flaw, eradicating any doubt.

C.

2
0
Anonymous Coward

Re: Headline is flawed

"We like to keep things lively and punchy, and sometimes headlines need to keep things simple to work."

So let's not confuse facts with good copy ?

1
4
Flame

Re: Headline is flawed

Good Luck on getting any of those installed with that useless pile of crap KIeS crapplication that Samsung has inflicted on the world!

I thought that Sony Ericsson had shitty support software, but after KIeS, I think that it is actually pretty good ;-)

1
0
Silver badge

@ Paul Crawford

Common sense in short supply, as usual. Of course, it doesn't matter, as we're supposed to bin our mobiles every 12 months.

0
0
Anonymous Coward

Re: Headline is flawed

You're not paying for the OS, remember that it is open source and free. Fix it yourself [tm].

4
4
Anonymous Coward

Re: Headline is flawed

But if a lot of Samsung's code is written to use this "hole" then that will stop working once fixed.

0
0
Silver badge

Re: Headline is flawed

"You're not paying for the OS, remember that it is open source and free. Fix it yourself"

Perhaps an obvious troll, but while Android may be free the kernel drivers may not be, and even if they are by default Samsung do not allow you to install custom firmware on your phone.

1
0
Anonymous Coward

Re: Headline is flawed

So how many models of handset will not get updated as they are considered out of warranty / end of life? And of those that can be updated, how many of those will be? And so how many people will still be at risk from rogue apps? = lots.

2
1
Anonymous Coward

Re: Headline is flawed

Does it not frighten anyone else to think of all these small computers (with as much power as desktops of a few years ago) with fast Internet access being compromised (botnets etc.). Also you tend to put a lot of personal information on these devices - emails, texts, online banking, address book - perhaps even more so than an average desktop.

2
1
MrT
Bronze badge

Kernel drivers...

... are the reason that even Cyanogen can't develop their newest for the original HTC Desire - if the manufacturer doesn't release them there's not much to do except hope that your chef of choice still keeps cooking up Gingerbread in the ROM kitchen.

OTOH this kernel fault is hitting millions so if Samsung fix it on one handset there's a good chance it'll work across them all (providing it's low-level enough) - Galaxy S2 and up with their own CPU (as opposed to Qualcomm like in US S3s). They've rolled out kernel patches before without needing to fuss with Network kludge, so I wouldn't give up hope. I reckon if they've rolled 4.x out for the handset it'll likely be covered.

Then again, my record on winning bets is not good - might as well bet against me just to be sure... ;-)

0
0
Silver badge

Re: diodesign

The headline still contains a typo.

0
0
Anonymous Coward

Re: Headline is flawed

Erm... are we sure the problem is the headline?

It sounds like permissions problem on /dev/exynos-mem to me? How's that a hardware fault? I can't see why it's necessarily even a kernel fault... wouldn't it be "solved" by running apps in a group of their own, or for finer control, as individual users? Much as is done routinely with potentially dangerous daemons on grown-up *NIXen?

Anon as I seem to be the only one thinking this - so I presume I've missed something blindingly obvious :-B

0
0
Anonymous Coward

It's ok. Android owners don't have anything worth taking. This was made obvious by their phone choice.

8
25
Anonymous Coward

Yawn

Can't trolls be original anymore?

15
1
Anonymous Coward

Re: Yawn

Somebody trolling android = apple fanboy.

Since when has anything Apple's done ever been original?

19
3
Anonymous Coward

Re: Yawn

"Since when has anything Apple's done ever been original?"

Since the patent: If Apple has not patented anything (yet), then per definition, it is not original.

1
1
Unhappy

Well if you just start from a point where you assume that no device is even remotely secure (no pun intended), then nobody should be at all surprised or disappointed by this.

Sad, but true.

9
0

Chainfire patch

If you look around XDA some more, Chainfire has released an apk which applies root, then closes this hole:

http://forum.xda-developers.com/showthread.php?t=2050297

3
0

Re: Chainfire patch

"one of which – Chainfire - has thoughtfully provided an exploit for the flaw"

El'Reg , Hmmm - I read that to say that Chainfire has provided something to exploit the flaw (i.e. making it easier for some kiddie or fiend to do the nasty).

I think what you meant to say was that Chainfire has provided a test to establish whether the exposure exists on a device and, like wot Mr Wibble said, he's produced a nice little patch (although it fcks up the camera, so you have to revert and reapply as required).

Meantime, only download stuff that is from an established good developer and not some fly by night screen saver / crass game developer from the Play store (or elsewhere).

1
0
Anonymous Coward

root

Does this mean there are now a few million devices out there that can be rooted as easily as iPhones and without unlocking the bootloader? I would treat that as both good news and bad news...

1
0
Silver badge
Facepalm

This fills me with despair

This is one of the security 101 things to check on any UNIX-like OS. The fact that it was allowed to happen indicates that there are too many people working on creating these systems without the requisite knowledge and/or experience.

It is not uncommon to come across UNIX or Linux software that creates world-writable files, but that does not excuse such stupidity. What makes this worse is that it appears to be the primary interface to the memory system, which will negate all other security measures.

2
0
Anonymous Coward

Re: This fills me with despair

"The fact that it was allowed to happen indicates that there are too many people working creating these systems without the requisite knowledge and/or experience."

Last I heard they called themselves Samsung.

0
1
Anonymous Coward

Re: This fills me with despair

When you are too busy copying the latest Apple device errors will happen.

0
3
Anonymous Coward

Hahaha! that is all.

You think Samsung really cares about Linux and Android? It's just another cash cow for them. If you want Android you really need to get a Nexus device, as at least Google is committed to Android.

1
1
Anonymous Coward

Hahahahahahahahahaha

For ordinary users it will take months to get an update...If at all for some of the devices...

Sure, these things will happen, fair enough; a good update/patching system that ensures everyone is on the current stable secure version could easily take care of it... Oh wait, there isn't one in the fragmented market... duh...

1
4

Re: Hahahahahahahahahaha

All Your Androids Are Belong To Us.

1
0
Anonymous Coward

Re: Hahahahahahahahahaha

We'll see about that, won't we. I just read that the monolithic Microsoft corporation has finally got around to patching the privacy escalation vulnerability in the font rendering code WITHIN THE WINDOWS KERNEL! Hahahahahahahahahaha

So, the clock's ticking... let's see if the "fragmented" Android/Linux ecosystem manages to fix this in less time than the TEN YEARS it took the monolithic Microsoft corporation to patch that privacy escalation vulnerability in the font rendering code WITHIN THE WINDOWS KERNEL! Hahahahahahahahahaha

Hahahahahahahahahaha Hahahahahahahahahaha Hahahahahahahahahaha Hahahahahahahahahaha Hahahahahahahahahaha Hahahahahahahahahaha

Care to place a wager sheeple?

0
0
Coffee/keyboard

At least Samsung allows you to escape...

... by installing alternatives like CyanogenMod. Having such a Plan B is a strong point of Android. Unless you are stuck with vendors like Motorola, which allow only signed boot images. So you can have devices less than 2 years old and be stuck with Android 2.1 with no way out. *That* is bad.

2
0
Bronze badge

That's as bad as the eMMC bug that affects the MMC controller silicon and permanently bricks some devices, even using official firmware!

Thankfully, there is a vigilant bunch of devs over at XDA that uncover these issues for the rest of us. It's one of the many reasons I'm still using an Android based phone.

2
0
FAIL

Lay-zeee....

What's the betting the access flaw here is a product of "just get it out of the door, for god's sake" style decision-making?

Not impressed, Samsung, not impressed at all. pwn-capable from inside the Play store. Gah

2
0
Facepalm

The troll(s) are out in force today, like anyone convinced by a "coward" hadn't already made up their mind.

It's these sort of mistakes that make devices cooler in some ways, like when the PS3 first spilled its guts and had me all interested, until Sony wrecked it by pulling features that they couldn't maintain. Someone interested in pillaged features with a shiny bow on it like what Apple puts out would never understand. Obviously dangerous in the wrong hands, but then if you're dumb enough to install whatever goes on a smartphone, you're probably in the wrong market.

1
1
Anonymous Coward

"It's these sort of mistakes that make devices cooler in some ways"

That's just delusional. I'd be dead happy if the brakes on my car did not work - but perhaps that would be cooler in some ways.

"Obviously dangerous in the wrong hands"

You mean as in huge (HUGE) numbers of phones that will never be patched (whether Samsung bothers or the telco / users bother) and an app store where people could easily upload applications to exploit it. Yeah I'd be dead happy.

"but then if you're dumb enough to install whatever goes on a smartphone"

= most normal users who assume the app store or their device may be safe - but is not.

2
1
ijs
FAIL

Vodafone's UK response

They told me I had nothing to worry about. You can read the transcript here:

http://mobilesandcellphones.blogspot.co.uk/2012/12/samsung-s3-security-hole-vodafones.html

I have also asked Samsung to comment

1
0