Will Verduzco · Mar 13, 2014 at 02:30 pm

Samsung Backdoor May Not Be as Wide Open as Initially Thought

Earlier today, we talked about how the Replicant team found a potential backdoor in Samsung’s proprietary radio software. As demonstrated in a proof-of-concept attack, this allowed certain baseband code to gain access to a device’s storage under a specific set of circumstances. But upon closer inspection, this backdoor is most likely not as bad as it was initially made out to be.

A few hours after posting our previous article on the alleged backdoor, a highly respected security expert who wishes to remain anonymous approached us, stating that the way in which the proof-of-concept attack was framed by the Replicant team was a bit misleading. Essentially, it boils down to the POC requiring a modified firmware with with security features disabled. Thus, if a user is running an updated version of the official firmware, this attack will not work. To that end, the Replicant team even states in their write-up that SELinux would considerably restrict the potential files that the modem can access, such as those on the /sdcard partition.

Now, another highly trusted security researcher (XDA Recognized Developer djrbliss) has gone on record with Ars, stating that there’s “virtually no evidence” that this is indeed a true backdoor, although his reasons are a bit different. There is absolutely no indication at this time that the baseband file access can be controlled remotely. Rather, this is only a “possibility,” since the baseband software is proprietary. Instead, it’s far more likely that this was only ever intended to write radio diagnostic files to the /efs/root directory, as that is is the radio user’s home directory.

In summary, we shouldn’t rush to replace our Samsung phones just yet. There is absolutely no evidence to state that this can be controlled remotely. And even if it were possible, using SELinux, which is set to Enforcing in stock firmware, would restrict the radio user’s access.


_________
Want something on the XDA Portal? Send us a tip!

Will Verduzco

willverduzco is an editor on XDA-Developers, the largest community for Android users. Will Verduzco is the Portal Administrator for the XDA-Developers Portal. He has been addicted to mobile technology since the HTC Wizard. But starting with the Nexus One, his gadget love affair shifted to Google's little green robot. He is also a Johns Hopkins University graduate in neuroscience and is now currently studying to become a physician. View willverduzco's posts and articles here.
Emil Kako · Apr 26, 2015 at 04:19 pm · 3 comments

Which Lockscreen Security Type Do You Use?

From pattern locks to the controversial face unlock, there are a number of different ways you can secure your Android phone's lockscreen. Some methods are clearly more secure than others, but it comes down to user preference at the end of the day. So, which lockscreen security type do you prefer and why?

DISCUSS
Chris Gilliam · Apr 26, 2015 at 12:00 pm · 4 comments

XDA Recap: This Week In Android (Apr 18 – 25)

Here in the digital XDA newsroom, we spend our days pouring over an average of 2,500 news items and forum threads every 24 hours. Only the most timely and interesting bits survive the editing process, but the portal's front page still sees weekly counts in excess of 100 posts. This is a glut of content to absorb, especially if following the news cycle isn't your full-time job. However, the tech world is vast, and the information must flow. With this in mind, please...

XDA NEWS
Mario Tomás Serrafero · Apr 26, 2015 at 11:00 am · 3 comments

Sunday Debate: Custom ROMs vs. Modular Tweaks

Join us in a fun Sunday Debate on Mods and ROMs. Come with your opinions and feel free to read some of our thoughts, then pick your side or play devil’s advocate to get your voice heard and engage in friendly discussion. You can read our food-for-thought or jump straight into the fray below!       PLEASE NOTE THIS DEBATE IS ABOUT FUNCTIONALITY AND PRACTICALITY AND NOT ANY IMPLICATIONS. LET’S AIM FOR FRIENDLY DISCUSSION Tweaking Android is what a...

XDA NEWS
Share This