Will Verduzco · Mar 13, 2014 at 06:00 am

Replicant Devs Discover Backdoor in Samsung Android Devices

You may recall that about five months ago, we touched upon a study demonstrating how OEM modifications are the primary cause for most “Android” security issues. Unfortunately, we offer yet another example of OEM-caused security issues—but this time, it’s not because of an OEM skin or bloatware. Rather, this is a potential vulnerability at a far deeper level: proprietary modem software.

The OEM in question is none other than Samsung, the Android ecosystem’s largest and most successful device manufacturer, and the backdoor itself comes as proprietary radio software. This software is responsible for communicating with the modem hardware, and is capable of implementing RFS commands. These RFS commands are then able to perform I/O operations on the device’s storage.

No big deal, right? I’ll just load CyanogenMod and be done with it. Wrong.

Since the cause is a proprietary radio software, changing to an aftermarket ROM will not solve anything, so long as the ROM uses Samsung’s proprietary blobs. In fact, the Replicant team used Galaxy Note II and Galaxy S III devices running CM10.1 to demonstrate how this was ROM-agnostic.

Currently the list of known affected devices includes the Galaxy S, Galaxy S II, Galaxy Note, Galaxy Tab 2, Galaxy S III, and Galaxy Note II, but it’s highly likely that many other Samsung devices are vulnerable. Furthermore, this also seems to affect the Samsung-built Google Nexus S and Galaxy Nexus, as this is a back door at the radio software level, rather than as a part of an OEM skin. Whatsmore, on certain devices, this incriminated process runs as root.

While it is entirely possible that there is a legitimate reason for this backdoor, it’s hard to envision a scenario where one would be necessary. As such, it would be great to hear Samsung’s official statement on the matter. Until then, perhaps it would be a good idea to look into fully open source projects like Replicant, or at the very least, building an aftermarket kernel capable of blocking (and logging) RFS command requests.

You can learn more by heading over to the source link below.

[Source: Replicant Project | Thanks to Ruelle for the tip!]


_________
Want something on the XDA Portal? Send us a tip!

Will Verduzco

willverduzco is an editor on XDA-Developers, the largest community for Android users. Will Verduzco is the Portal Administrator for the XDA-Developers Portal. He has been addicted to mobile technology since the HTC Wizard. But starting with the Nexus One, his gadget love affair shifted to Google's little green robot. He is also a Johns Hopkins University graduate in neuroscience and is now currently studying to become a physician. View willverduzco's posts and articles here.
Mario Tomás Serrafero · May 6, 2015 at 04:56 pm · 1 comment

On Qualcomm’s Damage Control: Marketing and Rumors?

The Heated Snapdragon chronicles seemingly see no end, and 5 months into 2015 we are still discussing the Snapdragon 810. This is unfortunate, because it is rather clear that the market is moving away from it, and it’d be better to simply forget about this black stain once and for all. However, many websites can’t let it go - and in some ways, we are one of them - but only in response to claims that we think affect consumers...

XDA NEWS
Aamir Siddiqui · May 6, 2015 at 01:32 pm · 3 comments

Xiaomi Mi Note Pro With SD-810 Goes On Sale In China

The Xiaomi Mi Note Pro, announced on 15th Jan 2015, is Xiaomi's attempt at moving beyond the entry-level segment and targeting the higher end of the market which is usually Apple territory. At its heart, the phone follows on the Xiaomi philosophy by providing great specs at a great price. Talking about specs, the Xiaomi Mi Note Pro is a marked improvement over the Mi Note. While the dimensions and screen size remain the same, the resolution has received a...

XDA NEWS
Mathew Brack · May 6, 2015 at 11:47 am · 2 comments

Project Fi Invites Are Rolling Out

Google is now sending out the first wave of invites to its new wireless service, Project Fi. Users are already signing up and have shared the process with us. So far, it is clear that Project Fi users can have their Google Voice number transferred across if they wish, which will automatically move their Google Voice credit over as well.   What we have learned so far is that after a Voice number is transferred you will lose some functionality, but you will...

XDA NEWS
Share This