Will Verduzco · Mar 13, 2014 at 06:00 am

Replicant Devs Discover Backdoor in Samsung Android Devices

You may recall that about five months ago, we touched upon a study demonstrating how OEM modifications are the primary cause for most “Android” security issues. Unfortunately, we offer yet another example of OEM-caused security issues—but this time, it’s not because of an OEM skin or bloatware. Rather, this is a potential vulnerability at a far deeper level: proprietary modem software.

The OEM in question is none other than Samsung, the Android ecosystem’s largest and most successful device manufacturer, and the backdoor itself comes as proprietary radio software. This software is responsible for communicating with the modem hardware, and is capable of implementing RFS commands. These RFS commands are then able to perform I/O operations on the device’s storage.

No big deal, right? I’ll just load CyanogenMod and be done with it. Wrong.

Since the cause is a proprietary radio software, changing to an aftermarket ROM will not solve anything, so long as the ROM uses Samsung’s proprietary blobs. In fact, the Replicant team used Galaxy Note II and Galaxy S III devices running CM10.1 to demonstrate how this was ROM-agnostic.

Currently the list of known affected devices includes the Galaxy S, Galaxy S II, Galaxy Note, Galaxy Tab 2, Galaxy S III, and Galaxy Note II, but it’s highly likely that many other Samsung devices are vulnerable. Furthermore, this also seems to affect the Samsung-built Google Nexus S and Galaxy Nexus, as this is a back door at the radio software level, rather than as a part of an OEM skin. Whatsmore, on certain devices, this incriminated process runs as root.

While it is entirely possible that there is a legitimate reason for this backdoor, it’s hard to envision a scenario where one would be necessary. As such, it would be great to hear Samsung’s official statement on the matter. Until then, perhaps it would be a good idea to look into fully open source projects like Replicant, or at the very least, building an aftermarket kernel capable of blocking (and logging) RFS command requests.

You can learn more by heading over to the source link below.

[Source: Replicant Project | Thanks to Ruelle for the tip!]


_________
Want something on the XDA Portal? Send us a tip!
Emil Kako · Jan 31, 2015 at 02:59 pm · 2 comments

Do You Prefer Physical or on Screen Buttons?

More and more smartphone manufacturers have been moving towards on-screen buttons, with Google really pushing for it over the physical button alternative. However, there are still a few OEMs (we're looking at you, Samsung) that have preferred to keep things a bit more traditional. Tell us which way you prefer and why.

DISCUSS
Pulser_G2 · Jan 31, 2015 at 02:08 pm · no comments

New AOSP Branch Details Potential Build System Upgrades?

While there are frequent unexplained changes and pushes to Google's AOSP repositories, an interesting-looking new branch has been pushed out recently, called "master-soong". Taking a look at the changes made to the manifest repository (which is used to specify the repositories to be downloaded when building Android), it appears there are some new repositories making an appearance. Of note here are new prebuilt repositories for Go, and Ninja. Go is a programming language, created by Google, which compiles to produce...

XDA NEWS
GermainZ · Jan 30, 2015 at 09:29 pm · 1 comment

Send Links to Any Nearby Device with CaastMe

There already are many solutions on the Google Play store if you want to send a link to one of your devices -- but what if you wanted to do it quickly without having to install any software or logging in to a website on the recipient end? Most apps require you to do either or both, which can be a hassle (or even a security risk) in some cases. Luckily, XDA Forum Member wyemun has developed CaastMe. Inspired by...

XDA NEWS