Replicant OS Developers Find Backdoor In Samsung Galaxy Devices 126
An anonymous reader writes "Developers of the Free Software Foundation-endorsed Replicant OS have uncovered a backdoor through Android on Samsung Galaxy devices and the Nexus S. The research indicates the proprietary Android versions have a blob handling communication with the modem using Samsung's IPC protocol and in turn there's a set of commands that allow the modem to do remote I/O operations on the phone's storage. Replicant's open-source version of Android does away with the Samsung library to fend off the potential backdoor issue."
Re:Third-party ROMs (Score:5, Insightful)
Most of the popular ROMs are made using the very same closed drivers the article is talking about to provide hardware compatibility - otherwise they would be exactly where Replicant is now.
Any third-party ROM for Galaxy devices that uses Samsung's library to communicate with the modem is vulnerable - so almost all of them are, including CyanogenMod.
RMS was right (Score:5, Insightful)
This is what you get for essentially renting a a black box with audiovideo and communication capability and letting 3rd parties control it fully: a personal tracker better than what the worst totalitarian regime could dream. There is no reason why operating systems or essential drivers should be shipped as binary blobs, not this day and age, not after the NSA revelations.
Re:OTA updates (Score:5, Insightful)
This is part of their undocumented protocol for communication with the modem. Modem can ask to read or write some file on disk using ...
And "undocumented protocol for communication" is different than a Backdoor how ?
Great for defense lawyers! (Score:3, Insightful)
This will be wonderful news for criminal defense attorneys. Is your client accused of having a couple of terrorists in his phone's contact list? Did a customs official conveniently find child porn pictures on your client's phone during a border crossing? Did the prosecutor haul out telco logs "proving" that your client was sending text messages to arrange a heroin deal?
Sounds to me like it's quite plausible that someone else put that $ILLEGAL_SHIT on your client's phone. After all, the capability was built right into the phone by Samsung.
RIL and EFS (Score:4, Insightful)
I don't find that surprising. When I was playing with CyanogenMod it became obvious to me that RIL reads/writes files from EFS partition on behalf of the modem because settings for the modem, like IMEI, state of network lock, preferred networks etc, are stored there. I am not sure whether the interface is general enough so the modem can ask for any file.
If they are concerned about binary blobs doing unknown stuff, RIL is small potatoes. There is huge GPS daemon binary made by 3rd party. Sensor drivers are linked with closed source processing libraries (AKM/akmd). Camera loads whole bunch of image/video processing libraries which are closed source/3rd party too. Lots of phones also use closed source 3rd party audio processing libraries. Not to mention 16MB of compressed modem firmware, running on modem CPU which is like another little independent computer.
Re:OTA updates (Score:4, Insightful)
I couldn't agree more. There is no evidence to suggest that it's a malicious backdoor.
No evidence to the contrary either, and worth questioning since this is a common theme. Motorola was found to be sending all kinds of data to Motorola servers without user knowledge, including specific authentication information in plain text, Apple's SSL mess up, Countless MS back doors in just about everything they make. Then you have other players that made horrible decisions costing them their phone business.
At a point we should at least wonder if these things are really just accidental and sloppy, or are they working as influenced/intended. The more we find that companies are doing the same things, the less plausible the "accidental" theory looks.
How to actually find out is the hard part. Any company doing things for a fat check and favors from a government realizes that whistle blowers will lose future checks and favors. I'd be very interested in seeing all the files the government has on this, especially things like how many employees on Government payroll are working at places like Intel, Samsung, Apple, Microsoft, etc (if any).. It's too bad the CIA and Senate fight won't do anything to open that door.