Will Verduzco · Mar 13, 2014 at 06:00 am

Replicant Devs Discover Backdoor in Samsung Android Devices

You may recall that about five months ago, we touched upon a study demonstrating how OEM modifications are the primary cause for most “Android” security issues. Unfortunately, we offer yet another example of OEM-caused security issues—but this time, it’s not because of an OEM skin or bloatware. Rather, this is a potential vulnerability at a far deeper level: proprietary modem software.

The OEM in question is none other than Samsung, the Android ecosystem’s largest and most successful device manufacturer, and the backdoor itself comes as proprietary radio software. This software is responsible for communicating with the modem hardware, and is capable of implementing RFS commands. These RFS commands are then able to perform I/O operations on the device’s storage.

No big deal, right? I’ll just load CyanogenMod and be done with it. Wrong.

Since the cause is a proprietary radio software, changing to an aftermarket ROM will not solve anything, so long as the ROM uses Samsung’s proprietary blobs. In fact, the Replicant team used Galaxy Note II and Galaxy S III devices running CM10.1 to demonstrate how this was ROM-agnostic.

Currently the list of known affected devices includes the Galaxy S, Galaxy S II, Galaxy Note, Galaxy Tab 2, Galaxy S III, and Galaxy Note II, but it’s highly likely that many other Samsung devices are vulnerable. Furthermore, this also seems to affect the Samsung-built Google Nexus S and Galaxy Nexus, as this is a back door at the radio software level, rather than as a part of an OEM skin. Whatsmore, on certain devices, this incriminated process runs as root.

While it is entirely possible that there is a legitimate reason for this backdoor, it’s hard to envision a scenario where one would be necessary. As such, it would be great to hear Samsung’s official statement on the matter. Until then, perhaps it would be a good idea to look into fully open source projects like Replicant, or at the very least, building an aftermarket kernel capable of blocking (and logging) RFS command requests.

You can learn more by heading over to the source link below.

[Source: Replicant Project | Thanks to Ruelle for the tip!]


_________
Want something on the XDA Portal? Send us a tip!

Will Verduzco

willverduzco is an editor on XDA-Developers, the largest community for Android users. Will Verduzco is the Portal Administrator for the XDA-Developers Portal. He has been addicted to mobile technology since the HTC Wizard. But starting with the Nexus One, his gadget love affair shifted to Google's little green robot. He is also a Johns Hopkins University graduate in neuroscience and is now currently studying to become a physician. View willverduzco's posts and articles here.
Mathew Brack · May 29, 2015 at 05:27 pm · 4 comments

Google No Longer Sending Calendar SMS Notifications

In a not entirely surprising move, Google announced that it's putting an end to SMS notifications for Google calendar as of June 27th. They stated earlier, "SMS notifications for Google Calendar launched before smartphones were available. Now in a world with smartphones and notifications, you can get richer, more reliable experience on your mobile device, even offline". Google Drive for Work, Google Apps for Work (paid edition), Education and Government customers will not be affected by these changes and can continue using...

XDA NEWS
Chris Gilliam · May 29, 2015 at 11:29 am · 4 comments

I/O Summary: Google Cardboard Virtual Reality

One year ago, Google introduced cardboard. Amazingly enough, that was all it took to fire up the Virtual Reality scene on Android, and what began as an open design concept exploded into thousands of apps and dozens of headsets from big and small vendors alike. Now, there are more than 1 million cardboard viewers/handsets - a Google-quoted number that might not even be accurate given the ease with which headsets can be rigged through off-the-shelf equipment. This year, cardboard returned...

XDA NEWS
Jimmy McGee · May 29, 2015 at 06:00 am · 4 comments

Android M Preview Images – XDA TV

Android M preview images are available. That and much more news is covered by Jordan when he reviews all the important stories from this week. Included in this week's news is the announcement of Google's Project Tango going on sale and be sure to check out the article talking about Google's Roboto font going open source. That's not all that's covered in today's video! Jordan talks about the other videos released this week on XDA TV. XDA TV Producer TK...

XDA NEWS
Share This