back to article Samsung mobes pwned by ANY APP, thanks to chip code hole

A member of an XDA developers forum who calls him-or-herself Alephzain claims to have found a flaw in several Samsung handsets and tablets that could allow attackers to enjoy full access to their RAM. Alephzain posted news of the embarrassing bug here, stating: “The security hole is in [the] kernel, exactly with the device / …

COMMENTS

This topic is closed for new posts.
  1. MrT

    Chainfire...

    ... knows his stuff.

    What's more worrying is they are finding an increased number of handsets vulnerable to this - and it works on stock unrooted kit, ie no unlocked bootloaders, and therefore presumably won't even trip the onboard root detection.

    1. Anonymous Coward
      Thumb Up

      Re: Chainfire...

      Yes, shame it was not reported in media as accurately.

      The issue is not with the actualy chip or chips but with the customised kernel samsung use and with that it is the classic case of having a memory device driver with full world permisions. So coud fix it with chmod, though may break some other things like the camera. Depends upon how well coded they made those dependants.

      When people want root they complain when they can't get it and when its handed to them on a plate, well, they moan. Still pretty sloppy of samsung to mess up something like file permisions, and if anything indicative of how well they audit there phones for security. This is pretty much school boy error level of mistake on samsungs part.

      Still those worried can easily install a 3rd party ROM now, so win win.

      1. Anonymous Coward
        Anonymous Coward

        Re: Chainfire...

        No it's sloppy and unacceptable.

      2. Anonymous Coward
        Anonymous Coward

        Re: Chainfire...

        Yeah like how many people could / would actually install a 3rd part ROM - I'd guess less than 1%.

        1. Anonymous Coward
          Anonymous Coward

          Re: Chainfire...

          "Yeah like how many people could / would actually install a 3rd part ROM - I'd guess less than 1%."

          And I guess 100% of people can / will install a 3rd party ROM.

          Guesses with no basis in fact are completely useless.

  2. Silverburn
    Gimp

    I have a galaxy note, and this is not good news. Im pretty pissed off. Is it because I expected better?

  3. gort
    Alert

    Headline is flawed

    It's not a flaw in the System-On-Chip, it's a flaw in the security rights given to Samsung's device driver that interfaces with the SOC's memory. It's fixable with a simple software patch. Unfortunately Samsung are terrible at getting software patches out, and suddenly they have loads to issue.

    1. Paul Crawford Silver badge

      Re: Headline is flawed

      All 'operating systems' have flaws, some more than others and some patch easier than others, but we get used to the idea that every so often (and that is usually <= month) we get some minor update to fix problems and close vulnerable orifices.

      It is just a shame that phones, which now run as full and operating system as one could imagine, seem so utterly crap at being updated. Not just the the manufacturers don't seem to care much (thinking of you, HTC) but even when they do offer a patch it is often of the "save your settings and factory wipe" the phone. The sort of brain-dead approach when Windows95, etc, got upset all those years ago.

      Why have they not learned from desktop OS that patching is, sadly, inevitable so make it something that is easy and (normally) automatic?

      Yes, I know of diverse hardware but that is something that should be well within the capabilities of the manufacturer to have automated build/test setups. And yes, I know of the crapware some telcos add to a phone, but again that should be unimportant for OS patches as that is stuff that (should) runs on top of the core OS.

      1. gort

        Re: Headline is flawed

        Patches on my Nexus 7 and Galaxy S running Cyanogenmod are no-wipe and easy enough. For Cyanogenmod I just use the Cyandelta app, which downloads the difference between the current build and the last one I installed. The Nexus 7 just notifies and downloads an over-the-air update. Both require a reboot but that's about all.

      2. Lamont Cranston

        @ Paul Crawford

        Common sense in short supply, as usual. Of course, it doesn't matter, as we're supposed to bin our mobiles every 12 months.

      3. Anonymous Coward
        Anonymous Coward

        Re: Headline is flawed

        You're not paying for the OS, remember that it is open source and free. Fix it yourself [tm].

        1. dotdavid

          Re: Headline is flawed

          "You're not paying for the OS, remember that it is open source and free. Fix it yourself"

          Perhaps an obvious troll, but while Android may be free the kernel drivers may not be, and even if they are by default Samsung do not allow you to install custom firmware on your phone.

      4. Anonymous Coward
        Anonymous Coward

        Re: Headline is flawed

        Does it not frighten anyone else to think of all these small computers (with as much power as desktops of a few years ago) with fast Internet access being compromised (botnets etc.). Also you tend to put a lot of personal information on these devices - emails, texts, online banking, address book - perhaps even more so than an average desktop.

    2. Anonymous Coward
      Anonymous Coward

      welcome to the IT world; a tip for a new comer, don't get pissed off until the vender say's that they won't fix it because the product have entered its end of life cycle.

    3. diodesign (Written by Reg staff) Silver badge

      Re: Headline is flawed

      We like to keep things lively and punchy, and sometimes headlines need to keep things simple to work. But I've tweaked it anyway.

      I'd like to think the article quickly explains the location of the flaw, eradicating any doubt.

      C.

      1. Anonymous Coward
        Anonymous Coward

        Re: Headline is flawed

        "We like to keep things lively and punchy, and sometimes headlines need to keep things simple to work."

        So let's not confuse facts with good copy ?

      2. Sorry that handle is already taken. Silver badge

        Re: diodesign

        The headline still contains a typo.

    4. fajensen Silver badge
      Flame

      Re: Headline is flawed

      Good Luck on getting any of those installed with that useless pile of crap KIeS crapplication that Samsung has inflicted on the world!

      I though that Sony Ericsson had shitty support software, but after KIeS, I think that it is actually pretty good ;-)

      1. Anonymous Coward
        Anonymous Coward

        Re: Headline is flawed

        So how many models of handset will not get updated as they are considered out of warranty / end of life and of those that can be updated how many of those will and so how many people will still be at risk from rogue apps = lots.

        1. MrT

          Kernel drivers...

          ... are the reason that even Cyanogen can't develop their newest for the original HTC Desire - if the manufacturer doesn't release them there's not much to do except hope that your chef of choice still keeps cooking up Gingerbread in the ROM kitchen.

          OTOH this kernel fault is hitting millions so if Samsung fix it on one handset there's a good chance it'll work across them all (providing it's low-level enough) - Galaxy S2 and up with their own CPU (as opposed to Qualcomm like in US S3s). They've rolled out kernel patches before without needing to fuss with Network kludge, so I wouldn't give up hope. I reckon if they've rolled 4.x out for the handset it'll likely be covered.

          Then again, my record on winning bets is jot good - might as well bet against me just to be sure... ;-)

    5. Anonymous Coward
      Anonymous Coward

      Did you really think Samsung were a quality brand who really love Android? why are they funding Tizen and have Bada as well then?

      They're into the Android market to make money, plain and simple. Unfortunately that means that security isn't their concern, they leave that to Google to sort out.

      1. csumpi
        Stop

        You make it sound like there is any large corporation out there who is in [their respective business] because they love [you | your feelings | your security | your whatever], not because they want to make buckets of money.

    6. Anonymous Coward
      Anonymous Coward

      Re: Headline is flawed

      But if a lot of Samsung's code is written to use this "hole" then that will stop working once fixed.

    7. Kevin McMurtrie Silver badge

      Don't hold your breath

      Many of us with the "Epic 4G" version of the Galaxy SII still have unresolved issues with the phone after over a year. GPS radio dies, cell radio dies, Bluetooth dies, WiFi/3G/4G goes to sleep while in use, the notification light doesn't work, it destroys batteries, and the soft keys don't always work. The camera works well but forget about using it as a phone or data device. Samsung repair says it "passes all tests", even when they have returned it to me dead, and Sprint has never been more helpful than removing bad software patches installed by Samsung.

      1. Anonymous Coward
        Anonymous Coward

        Re: Don't hold your breath

        ... and you are surprised?

    8. Anonymous Coward
      Anonymous Coward

      Re: Headline is flawed

      Erm... are we sure the problem is the headline?

      It sounds like permissions problem on /dev/exynos-mem to me? How's that a hardware fault? I can't see why it's necessarily even a kernel fault... wouldn't it be "solved" by running apps in a group of their own, or for finer control, as individual users? Much as is done routinely with potentially dangerous daemons on grown-up *NIXen?

      Anon as I seem to be the only one thinking this - so I presume I've missed something blindingly obvious :-B

  4. Anonymous Coward
    Anonymous Coward

    It's ok. Android owners don't have anything worth taking. This was made obvious by their phone choice.

    1. Anonymous Coward
      Anonymous Coward

      Yawn

      Can't trolls be original anymore?

      1. Anonymous Coward
        Anonymous Coward

        Re: Yawn

        Somebody trolling android = apple fanboy.

        Since when has anything Apples done ever been original.

        1. Anonymous Coward
          Anonymous Coward

          Re: Yawn

          Since when has anything Apples done ever been original.

          Since the patent: If Apple has not patented anything (yet), then per definition, it is not original.

  5. nuked
    Unhappy

    Well if you just start from a point where you assume that no device is even remotely secure (no pun intended), then nobody should be at all surprised or disappointed by this.

    Sad, but true.

  6. MrWibble

    Chainfire patch

    If you look around XDA some more, Chianfire has release an apk, which applies root, then closes this hole

    http://forum.xda-developers.com/showthread.php?t=2050297

    1. Tom Jasper

      Re: Chainfire patch

      "one of which – Chainfire - has thoughtfully provided an exploit for the flaw"

      El'Reg , Hmmm - I read that to say that Chainfire has provided something to exploit the flaw (i.e. making it easier for some kiddie or fiend to do the nasty).

      I think what you meant to say was that Chainfire has provided a test to establish whether the exposure exists on a device and, like wot Mr Wibble said, he's produced a nice little patch (although it fcks up the camera so you have to revert and reapply as required.

      Meantime, only download stuff that is from an established good developer and not some fly by night screen saver / crass game developer from the Play store (or elsewhere).

  7. Anonymous Coward
    Anonymous Coward

    root

    Does this mean there are now a few million devices out there that can be rooted as easily as iPhones and without unlocking the bootloader? I would treat that as both good news and bad news...

  8. Peter Gathercole Silver badge
    Facepalm

    This fills me with dispair

    This is one of the security 101 things to check on any UNIX-like OS. The fact that it was allowed to happen indicates that there are too many people working creating these systems without the requisite knowledge and/or experience.

    It is not uncommon to come across UNIX or Linux software that creates world-writable files, but that does not excuse such stupidity. What makes this worse is that it appears to be the primary interface to the memory system, which will negate all other security measures.

    1. Anonymous Coward
      Anonymous Coward

      Re: This fills me with dispair

      "The fact that it was allowed to happen indicates that there are too many people working creating these systems without the requisite knowledge and/or experience."

      Last I heard they called themselves Samsung.

    2. Anonymous Coward
      Anonymous Coward

      Re: This fills me with dispair

      When you are too busy copying the latest Apple device errors will happen.

  9. Anonymous Coward
    Anonymous Coward

    Hahaha! that is all.

    You think Samsung really cares about Linux and Android? it's just another cash cow for them. If you want Android you really need to get a Nexus device as at least Google is committed to Android.

  10. Anonymous Coward
    Anonymous Coward

    Hahahahahahahahahaha

    For ordinary users it will take months to get an update...If at all for some of the devices...

    Sure these things will happen fair enough, the good update/patching system that allows everyone is on the current stable secure version can easily take care of it...Oh wait there isn't one in the fragmented market...duh...

    1. A n o n y m o u s

      Re: Hahahahahahahahahaha

      All Your Androids Are Belong To Us.

    2. Anonymous Coward
      Anonymous Coward

      Re: Hahahahahahahahahaha

      We'll see about that, won't we. I just read that the monolithic Microsoft corporation has finally got around to patching the privacy escalation vulnerability in the font rendering code WITHIN THE WINDOWS KERNEL! Hahahahahahahahahaha

      So, the clock's ticking... let's see if the "fragmented" Android/Linux ecosystem manages to fix this in less time than the TEN YEARS it took the monolithic Microsoft corporation to patch that privacy escalation vulnerability in the font rendering code WITHIN THE WINDOWS KERNEL! Hahahahahahahahahaha

      Hahahahahahahahahaha Hahahahahahahahahaha Hahahahahahahahahaha Hahahahahahahahahaha Hahahahahahahahahaha Hahahahahahahahahaha

      Care to place a wager sheeple?

  11. pklausner
    Coffee/keyboard

    At least Samsung allows you to escape...

    ... by installing alternatives like Cyanomodgen. Having such a Plan B is a strong point of Android. Unless you are stuck with vendors like Motorola, which allow only signed boot images. So you can have devices less than 2 years old and are stuck with Android 2.1 on no way out. *That* is bad.

  12. b166er

    That's as bad as the eMMC bug that affects the MMC controller silicon and permanently bricks some devices, even using official firmware!

    Thankfully, there is a vigilant bunch of devs over at XDA that uncover these issues for the rest of us. It's one of the many reasons I'm still using an Android based phone.

  13. Andy Watt
    FAIL

    Lay-zeee....

    What's the betting the access flaw here is a product of "just get it out of the door, for god's sake" style decision-making?

    Not impressed, Samsung, not impressed at all. pwn-capable from inside the Play store. Gah

  14. ZeroP
    Facepalm

    The troll(s) are out in force today, like anyone convinced by a "coward" hadn't already made up their mind.

    It's these sort of mistakes that make devices cooler in some ways, like when the PS3 first spilled its guts and had me all interested, until Sony wrecked it by pulling features that they couldn't maintain. Someone interested in pillaged features with a shiny bow on it like what Apple puts out would never understand. Obviously dangerous in the wrong hands, but then if you're dumb enough to install whatever goes on a smartphone, you're probably in the wrong market.

  15. Anonymous Coward
    Anonymous Coward

    "It's these sort of mistakes that make devices cooler in some ways"

    That's just delusional. I'd be dead happy if the brakes on my car did not work - but perhaps that would be cooler in some ways.

    "Obviously dangerous in the wrong hands"

    You mean as in huge (HUGE) numbers of phones that will never be patched (whether Samsung bothers or the telco / users bother) and an app store where people could easily upload applications to exploit it. Yeah I'd be dead happy.

    "but then if you're dumb enough to install whatever goes on a smartphone"

    = most normal users who assume the app store or their device may be safe - but is not.

  16. ijs
    FAIL

    Vodafone's UK response

    They told me I had nothing to worry about. yo can read the transcript here.

    http://mobilesandcellphones.blogspot.co.uk/2012/12/samsung-s3-security-hole-vodafones.html

    I have also asked Samsung to comment

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019