Will Verduzco · Mar 13, 2014 at 02:30 pm

Samsung Backdoor May Not Be as Wide Open as Initially Thought

Earlier today, we talked about how the Replicant team found a potential backdoor in Samsung’s proprietary radio software. As demonstrated in a proof-of-concept attack, this allowed certain baseband code to gain access to a device’s storage under a specific set of circumstances. But upon closer inspection, this backdoor is most likely not as bad as it was initially made out to be.

A few hours after posting our previous article on the alleged backdoor, a highly respected security expert who wishes to remain anonymous approached us, stating that the way in which the proof-of-concept attack was framed by the Replicant team was a bit misleading. Essentially, it boils down to the POC requiring a modified firmware with with security features disabled. Thus, if a user is running an updated version of the official firmware, this attack will not work. To that end, the Replicant team even states in their write-up that SELinux would considerably restrict the potential files that the modem can access, such as those on the /sdcard partition.

Now, another highly trusted security researcher (XDA Recognized Developer djrbliss) has gone on record with Ars, stating that there’s “virtually no evidence” that this is indeed a true backdoor, although his reasons are a bit different. There is absolutely no indication at this time that the baseband file access can be controlled remotely. Rather, this is only a “possibility,” since the baseband software is proprietary. Instead, it’s far more likely that this was only ever intended to write radio diagnostic files to the /efs/root directory, as that is is the radio user’s home directory.

In summary, we shouldn’t rush to replace our Samsung phones just yet. There is absolutely no evidence to state that this can be controlled remotely. And even if it were possible, using SELinux, which is set to Enforcing in stock firmware, would restrict the radio user’s access.


_________
Want something on the XDA Portal? Send us a tip!
Jimmy McGee · Mar 2, 2015 at 06:00 am · 1 comment

HTC One M9 & Samsung Galaxy S6 Unveiled – XDA TV

The HTC One M9 and the Samsung Galaxy S6 were unveiled at Mobile World Congress! That and much more news is covered by Jordan when he reviews all the important stories from this weekend. Included in this weekend's news is the announcement of the Huawei Watch Android Wear device and be sure to check out the article talking about IKEA selling Qi enabled furniture. That's not all that's covered in today's video! Be sure to check out the other videos...

XDA NEWS
Aamir Siddiqui · Mar 2, 2015 at 03:10 am · 2 comments

Sony Xperia Z4 Tablet, The Thinnest 10″ Tablet, Now Official

While the likes of Samsung and HTC were busy announcing their next big things in the mobile market at their Mobile World Congress events, Sony was turning up the heat in the tablet market with the launch of its latest offering, the Xperia Z4 Tablet. Coming with a 10.1" IPS display offering 2560 x 1600 pixel resolution, the Xperia Z4 tablet is the successor to the successful Z2 tablet released in 2014. As a true successor, the Z4 Tablet offers everything...

XDA NEWS
Emil Kako · Mar 1, 2015 at 04:12 pm · no comments

Samsung Galaxy S6 VS HTC One M9: Which Do You Prefer?

After months of anticipation, both the Samsung Galaxy S6 and HTC One M9 have finally been unveiled. Now that we have all seen both of the devices in all their glory, many of us have some decisions to make. Which of the two beasts do you prefer: the Galaxy S6 or the One M9? Let us know which device you plan on buying and why!

DISCUSS
Share This