Will Verduzco · Mar 13, 2014 at 06:00 am

Replicant Devs Discover Backdoor in Samsung Android Devices

You may recall that about five months ago, we touched upon a study demonstrating how OEM modifications are the primary cause for most “Android” security issues. Unfortunately, we offer yet another example of OEM-caused security issues—but this time, it’s not because of an OEM skin or bloatware. Rather, this is a potential vulnerability at a far deeper level: proprietary modem software.

The OEM in question is none other than Samsung, the Android ecosystem’s largest and most successful device manufacturer, and the backdoor itself comes as proprietary radio software. This software is responsible for communicating with the modem hardware, and is capable of implementing RFS commands. These RFS commands are then able to perform I/O operations on the device’s storage.

No big deal, right? I’ll just load CyanogenMod and be done with it. Wrong.

Since the cause is proprietary radio software, changing to an aftermarket ROM will not solve anything, so long as the ROM uses Samsung’s proprietary blobs. In fact, the Replicant team used Galaxy Note II and Galaxy S III devices running CM10.1 to demonstrate that the issue is ROM-agnostic.

Currently, the list of known affected devices includes the Galaxy S, Galaxy S II, Galaxy Note, Galaxy Tab 2, Galaxy S III, and Galaxy Note II, but it’s highly likely that many other Samsung devices are vulnerable. Furthermore, this also seems to affect the Samsung-built Google Nexus S and Galaxy Nexus, as this is a backdoor at the radio software level, rather than a part of an OEM skin. What’s more, on certain devices, the incriminated process runs as root.

While it is entirely possible that there is a legitimate reason for this backdoor, it’s hard to envision a scenario where one would be necessary. As such, it would be great to hear Samsung’s official statement on the matter. Until then, perhaps it would be a good idea to look into fully open source projects like Replicant, or at the very least, building an aftermarket kernel capable of blocking (and logging) RFS command requests.

You can learn more by heading over to the source link below.

[Source: Replicant Project | Thanks to Ruelle for the tip!]

