Monday, December 17, 2012

Security Flaw Could Open Samsung Galaxy S III and Galaxy Note II Devices To Attack

A major vulnerability has been discovered that could allow a would be attacker to remotely gain access to Samsung Galaxy S III and Galaxy Note II smartphones. The vulnerability was first discovered by XDA Developers forum member “alephzain” who uncovered the problem and noted that an attacker could use a relatively harmless looking Play Store app to potentially access information from the phone’s RAM or even inject malicious code directly into its kernel. It has also been reported that the vulnerability could affect all devices that are equipped with a Exynos 4210 or 4412 processor and utilize Samsung’s kernel.

A spokesperson for the company reached out to CNET and confirmed that it is “currently in the process of conducting an internal review” of the issue.

Affected devices include versions of Samsung's S2 and S3 mobile phones, the Galaxy Note and Note II, Galaxy Note Plus and Galaxy Note 10.1, according to the post by Chainfire.

What should I do?

First, make sure your device is on the list of one that could be affected. The company has yet to offer an explanation for this potentially harmful exploit, so meanwhile we’ll just list some of the devices that could be affected, at least in theory, by malicious apps that would target this exploit:
  • Samsung Galaxy S2 GT-I9100
  • Samsung Galaxy S3 GT-I9300
  • Samsung Galaxy S3 LTE GT-I9305
  • Samsung Galaxy Note GT-N7000
  • Samsung Galaxy Note 2 GT-N7100
  • Verizon Galaxy Note 2 SCH-I605 (with locked bootloaders)
  • Samsung Galaxy Note 10.1 GT-N8000
  • Samsung Galaxy Note 10.1 GT-N8010.
If you're using a stock device and it's on the list don't worry, it won't be hacked all on its own. You'll need to be mindful of what you're downloading and installing, especially if you're downloading and installing apps that might not be official. (Which you should be mindful of anyway.) There is no specific app permission to look out for, as any app is able to access the device memory. You'll have to be vigilant -- just like you always should be. It's is note worthy that nobody has seen or heard of any malware that is currently using this bug.

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you