
Huge Security Hole In Recent Samsung Devices 153

Posted by timothy
from the it's-like-they-handed-you-the-phone dept.
An anonymous reader writes "A huge security hole has been discovered in recent Samsung devices including phones like the Galaxy S2 and S3. It is possible for every user to obtain root due to a custom faulty memory device created by Samsung." The problem affects phones with the Exynos System-on-Chip.
  • Great (Score:1, Offtopic)

    by Billly Gates (198444)

    Does that mean I can finally root and upgrade my crappy Galaxy S1 with Android 2.1 yet? Fucking AT&T

    • by aliquis (678370)

      Billy Gates wrote:

      Does that mean I can finally root and upgrade my crappy Galaxy S1 with Android 2.1 yet? Fucking AT&T

      You still prefer that one over your Lumia 920?

    • Re: (Score:2, Informative)

      by Anonymous Coward

      That phone has been rootable for ages. It runs Ice Cream Sandwich and even Jellybean quite smoothly with the proper ROM/kernel.

      • It's a feature !! (Score:5, Insightful)

        by Taco Cowboy (5327) on Sunday December 16, 2012 @07:49PM (#42309417) Journal

        Instead of considering that "security hole" a "security hole", consider it as a "feature".

        Just root the damn thing and unlock it !!

      • Which kernel and ROM? I have an old Fascinate running Gingerbread, and I rooted it, but I'm still using Touch wiz and the default kernel. Anymore it runs like total crap. (Possibly I have too many background processes, but if I kill them they seem to fire right back up).
        Since I have an iPhone 5 now I'm not too worried about it, but I still like tinkering. Call me weird, but I like both ios and android, both have pros and cons. I'm getting an android tablet for xmas this year.
        • by nullchar (446050)

          Once you root, you need to disable all the built-in shitty apps. I wrote a script to mkdir /system/app/disabled and then mv /system/app/${shittyapp}/ to /system/app/disabled/

          Easy to regex search/replace that disable.sh script to undo it (enable.sh) when you want to un-root so you can OTA upgrade (if you so choose).

          Script disables I500_BingSearchAndroid_07152010.apk so I can install EnhancedGoogleSearchProvider.apk to "de-Bing".

          I'm still on stock Fascinate 2.2 (didn't see the point of 2.3 on this phone, plus

          • I got rid of the bloatware already, via Titanium backup. What were they thinking with the whole Bing thing? I found one of the resource hogs of the phone is live wallpaper. I love the look of "plasma", but it just kills the phone.
    • by emag (4640)

      I rooted mine 2 years ago, while at a conference. What's been stopping you? CM10 is out for it, and I installed that last week. Of course, Friday my Nexus 4 arrived, so I don't need to touch my SGS1 ever again...

    • by cmdr_tofu (826352)

      Galaxy S1 is easy to root! You have to be careful and follow instructions, but it's easy. http://wiki.cyanogenmod.org/wiki/Samsung_Galaxy_S [cyanogenmod.org]

      Also Samsung has its own update process called Kies, but it won't give you root: http://pages.samsung.com/ca/androidupgrade/English/ [samsung.com]

      I love my Samsung Galaxy S

    • Does that mean I can finally root and upgrade my crappy Galaxy S1 with Android 2.1 yet? Fucking AT&T

      Finally? There was no reason to wait, you could have rooted your Captivate last year I bet.

      With Samsung Kies, you should be able to upgrade your AT&T Captivate all the way to 4.0. That being said, you should root to get Android 4.2 at least (4.0 may be laggy for you, that's why I'm recommending that you root your phone instead, and just jump all the way to whatever is currently available without going through Samsung Kies).

      • by JayAEU (33022)

        Can you please provide a reference to an official Samsung ICS image for the Galaxy S1? Other than that, you'll find it pretty much impossible to upgrade it to 4.0 using Kies.

  • Not LTE GS3 (Score:5, Informative)

    by Anonymous Coward on Sunday December 16, 2012 @07:38PM (#42309333)

    This only affects the international S3, the US LTE version uses a Snapdragon CPU.

    • by xenobyte (446878)

      How about the international S3 LTE? - Mine is model GT-I9305

      • Re:Not LTE GS3 (Score:4, Informative)

        by compro01 (777531) on Monday December 17, 2012 @01:36PM (#42315305)

        Yes, the I9305 is affected.

        The list below is all models affected by this, which includes the international GS2 variant, as well as the Note 1 and 2, Galaxy Tab Plus, and Note 10.1.

        GT-I9100
        GT-I9300
        GT-I9305
        GT-N7000
        GT-N7100
        GT-N7105
        SGH-I317
        SCH-I605
        GT-P6210
        GT-N8000
        GT-N8010
        GT-N8013
        GT-N8020

        It does not affect the Snapdragon-based I747 (AT&T, Rogers, Bell and other major Canadian carriers) nor the T999 (T-mobile, as well as Canadian AWS carriers like Wind, Mobilicity, and Videotron)

  • Root (Score:2, Insightful)

    by Nerdfest (867930)

    I consider someone *else* running as root a security hole. As long as you need physical access, this is a feature. A phone that will not let you install what you want is broken.

    • Re:Root (Score:5, Informative)

      by 14erCleaner (745600) <FourteenerCleaner@yahoo.com> on Sunday December 16, 2012 @07:49PM (#42309415) Homepage Journal
      The problem is that this hole will allow any app to read or write to any part of memory, allowing trojans.
      • Re:Root (Score:4, Insightful)

        by Nerdfest (867930) on Sunday December 16, 2012 @07:52PM (#42309441)

        That's definitely a problem. The way the summary is worded makes it sound like a user having root is a security exploit ... something most hardware and OS manufacturers seem to believe these days. I may have to break tradition and read the article.

        • Re:Root (Score:5, Informative)

          by Nerdfest (867930) on Sunday December 16, 2012 @08:05PM (#42309507)

          Looks like someone has a quick fix out. It's an app that sets the perms on the file properly, but it does cause problems with the camera on the S3. The app lets you toggle the permissions on and off so you can still use your camera if you wish. I haven't tried it as I don't have a phone with the hole, but the XDA guys are pretty reputable: Here it is. [xda-developers.com] Certainly can't complain about the open source community on something like this, although it would have been nice if he reported it to Samsung a little in advance of the release of the problem.

          • Re: (Score:3, Interesting)

            "although it would have been nice if he reported it to Samsung a little in advance of the release of the problem"

            While that would have been nice, it is very debatable if it is wise. With Samsung, you just don't know. Security holes have been reported to Samsung that have been fixed nigh instantly, while other well known problems that can cause hard-bricks (device becomes a non-recoverable paperweight) on various devices have been known for almost a year - including the fixes - and the issue is still present

            • by epine (68316)

              While that would have been nice, it is very debatable if it is wise.

              If they ever update The Fifth Discipline: The Art and Practice of the Learning Organization [wikipedia.org] I'm sure they can cull a hundred pages of business-speak blather to make room for an additional chapter on the pernicious feedback loops of responsible disclosure.

              Normally we allow markets to punish corporations for sloppy work. Causing grave identity harm to your customer base is the kind of sloppy work deserving of punishment. And then, you know,

            • by AmiMoJo (196126) *

              Without knowing the nature of these "hard-brick" problems it is difficult to say if Samsung did the right thing by not rushing a fix. When you have tens or hundreds of millions of devices in the field you only rush fixes if they are security critical, not if they can result in something that the service department can fix and that only happens in very unusual circumstances. Fixes can make things unintentionally worse if not carefully tested.

              Considering there have been no widespread reports of ordinary user

              • Who said anything about rushing ? That specific problem has been known for a long time, and most affected devices have received several updates since then. The fix is literally a one-liner in the kernel source, disabling "secure erase". When a user "resets to factory settings" (e.g. wipe all user data) the device performs an erase command. Somewhere in Android 3.x or 4.0 Google changed the default behavior from normal erase to a secure erase. The eMMC chips Samsung used were never properly tested for this,

        • Re:Root (Score:5, Informative)

          by stephanruby (542433) on Sunday December 16, 2012 @09:03PM (#42309803)

          The way the summary is worded makes it sound like a user having root is a security exploit ...

          The Cleaner is correct. In the case of Android, each application is considered a separate user. That's how applications are sandboxed away from each other. This way, an application only has access to its own files (which reside in its home folder). An application only has access to its own SQLite database instances (which again reside only within its own home folder, since SQLite is file-based, this arrangement works). With its own userid, an application can only access its own process and its own data. Etc.

          In other words, Android is an operating system built on top of another operating system and Android doesn't try to completely reinvent the wheel when it comes to security.
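An added example, not part of any comment in this thread: since each app runs under its own UID, the "other" permission bits on a root-owned device node are what every installed app gets, which is why the quick fix mentioned earlier works by correcting the permissions on the device file. The sketch below audits a directory for such nodes; it assumes a shell with `find` and `stat -c` (GNU coreutils or busybox), and the allowlist of nodes that are world-accessible by design is an assumption to adjust per device.

```shell
#!/bin/sh
# Added example: report nodes whose "other" permission bits grant read or
# write, i.e. access for every UID on the system, including every app.

# Nodes that are world-accessible by design (assumed list; adjust per device).
ALLOW="null zero full random urandom tty ptmx"

# other_access MODE -> prints "r", "w", "rw" or nothing for the last octal digit.
other_access() {
    o=${1#"${1%?}"}                 # last character of the mode string
    acc=""
    if [ $(( o & 4 )) -ne 0 ]; then acc="r"; fi
    if [ $(( o & 2 )) -ne 0 ]; then acc="${acc}w"; fi
    printf '%s' "$acc"
}

# audit_nodes DIR [TYPE] -> one line per exposed node:
#   <access> <mode> <owner> <path>
# TYPE is a find(1) type letter; the default "c" selects character devices.
audit_nodes() {
    dir=$1
    type=${2:-c}
    find "$dir" -type "$type" 2>/dev/null | while IFS= read -r node; do
        case " $ALLOW " in
            *" $(basename "$node") "*) continue ;;
        esac
        mode=$(stat -c '%a' "$node" 2>/dev/null) || continue
        owner=$(stat -c '%U' "$node" 2>/dev/null)
        acc=$(other_access "$mode")
        if [ -n "$acc" ]; then
            printf '%s %s %s %s\n' "$acc" "$mode" "$owner" "$node"
        fi
    done
}

# Run as: sh audit.sh /dev
if [ "$#" -gt 0 ]; then
    audit_nodes "$@"
fi
```

Any line it prints for a node that exposes kernel or physical memory is the class of problem discussed here; the remedy is a mode such as 660 with a dedicated group for the services that need the node.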

        • by hawguy (1600213)

          That's definitely a problem. The way the summary is worded makes it sound like a user having root is a security exploit ... something most hardware and OS manufacturers seem to believe these days. I may have to break tradition and read the article.

          For most users, having root *is* a security exploit. Few users know how to tell whether the application they are installing as root is "safe".

          • by spyked (1878060)

            Mod parent up. It's called the Principle of least privilege [wikipedia.org], which Unix systems implement using mechanisms like sudo. Having root access on Android systems breaks this to some extent.

          • The real problem is Android's permission system is broken. Specifically there are two major problems.

            1: there is no way for a user to go through the permissions an app wants and decide what permissions it should actually get.
            2: there are some privileges apps simply can't get through the normal permissions system even though they would allow the app to be more useful.

            "Rooting" works around problem 2 and I believe can allow the installation of apps that attempt to solve problem 1

    • by tlhIngan (30335)

      I consider someone *else* running as root a security hole. As long as you need physical access, this is a feature. A phone that will not let you install what you want is broken.

      So how do you know what you're installing WON'T take advantage of this and break through the Android permissions model? (Permissions system doesn't apply if you have root, after all).

      Several Android malware apps have attempted to root the user's phone before, so it's possible that some app you download may try the same. And all they'

      • by Nerdfest (867930)

        You don't. Nor do you know that the web site you browse to or JPG you view doesn't exploit a buffer overflow and break out of its VM sandbox. Same applies for an iPhone and your desktop. Having people able to review the source of the applications is a good start, but there is always some risk.

  • Are you sure it wasn't a faulty custom memory device instead?
    • Re: (Score:2, Funny)

      by Anonymous Coward
      Haven't you heard about Samsung's new strategy?

      1.) Become the go to name in customized faulty memory devices
      2.) ?????
      3.) Profit
  • by Andy Prough (2730467) on Sunday December 16, 2012 @07:51PM (#42309433)
    The Google ad on the page for TFA states "Root Any Android Device In 1 Touch! Easy To Use Automatic Root Software". Talk about context-sensitive ads!!
  • by SirJorgelOfBorgel (897488) on Sunday December 16, 2012 @08:12PM (#42309535)

    Strangely, TFA makes no mention of an app built to actually use this exploit to install SuperSU (root access management app): http://forum.xda-developers.com/showthread.php?t=2050297 [xda-developers.com] - i.e. what most users consider getting rooted.

    Of course, this exploit can be used by any app, and a user can use the core exploit manually to install SuperSU (or Superuser) to let Play apps that need root (but don't contain this exploit ;)), but the linked method does all the work for you already.

  • Why did you link to that horrible advertisement of a webpage? Google even gives the Wikipedia page [wikipedia.org] as the first result...
  • by gelfling (6534) on Sunday December 16, 2012 @08:58PM (#42309743) Homepage Journal

    Tim Cook needs to sue them for that one.

  • How is this even remotely a security hole? Much less a "Huge" one? Owners can gain root access to their own device? God forbid!

    • Re:security hole? (Score:5, Informative)

      by countach (534280) on Sunday December 16, 2012 @09:10PM (#42309865)

      Err, because any app you download can p0wn your phone?

    • Re:security hole? (Score:4, Informative)

      by nedlohs (1335013) on Sunday December 16, 2012 @09:12PM (#42309881)

      Because some random app could subvert the permissions it was granted at install and do whatever the hell it wants?

    • by pepsikid (2226416)
      It's a considerable "security issue" because it may provide a vector through which you could install any app, ringtone, mp3, wallpaper, etc., that you did not buy from the manufacturer (thinking of currently un-rootable devices here). You could disable un-installable apps your mfger wants you to have. You could inspect and monitor your phone's memory and data transactions in such detail as to learn what information your mfgr, or installed apps, harvests from your activity. Heavens, you could finally back up
      • by pepsikid (2226416)
        ...of course, it's the *providers* who demand the crippled firmware, but SS is only too happy to provide the custom lobotomies.

        /yes, they have your PIN, PIN2 SIMM and every other number you're asking for.
        //yes, they're lying about not having this information, but no one you can get ahold of on the phone has it.
  • Sounds like Samsung is ripping off Sony security.

    Quick! Get Kaz Hirai on the phone!

  • I was considering purchase of a Galaxy S2 in the next 12 hours. Now I can't justify spending the money on it knowing it has a gaping security hole. Is there a possibility this could affect the similarly spec'd Samsung Galaxy S Advance? It has a STE U8500 chipset so if it's truly only an Exynos chipset vulnerability it should be fine, but this leaves me wondering about Samsung. Perhaps more telling would be waiting to see what, if anything, Samsung does about this.
  • The page describing the exploit is from September. Is that news?
  • Use this APK to get root and install superSU
    http://forum.xda-developers.com/showthread.php?t=2050297 [xda-developers.com]

    Now, whenever any app asks for root permissions, you will be asked whether you want to give root. This is how it used to work in my older rooted devices.

  • Commenting to remove an accidental mod, a sad mistake that caused many tears.
  • Does that mean the HRS Hotels app can be deleted more easily?

    Naah, they obviously would have dealt with preventing that more thoroughly as marketing depts. with deep pockets were involved.
  • There is no issue, everything is fine.

    Sent from my Samsung Galaxy S3
