Thanks to XDA-Developers’ forum member alephzain, a major vulnerability has been discovered that affects a number of popular Samsung devices that use the Exynos 4 System on a Chip (SoC) and Samsung kernel sources.
The security flaw is in the kernel and allows any user or app to access the affected device’s RAM and then check what's there or inject new processes. “In short, all Exynos 4 devices come pre-rooted directly from the manufacturers,” a Sammobile report has stated.
The issue of malware or malicious applications on the Android platform is nothing new. But this latest find is said to be more threatening because it exists within the hardware itself. The XDA forum developer who spotted the vulnerability said that he was able to use it to root his Samsung Galaxy S3 smartphone.
He also said that the exploit affects devices that are powered by the Exynos 4210 and 4412 processors, meaning that the affected devices could include Samsung Galaxy Note GT-N7000, Samsung Galaxy S2 GT-I9100, AT&T Samsung Galaxy S2 GT-I777, Samsung Galaxy S3 GT-I9300, LTE Samsung Galaxy S3 GT-I9305, Samsung Galaxy Note 2 GT-N7100, LTE Samsung Galaxy Note 2 GT-N7105, Samsung Galaxy Note 10.1 GT-N8000, Samsung Galaxy Note 10.1 GT-N8010 and Meizu MX.
As noted by alephzain, there is both good news and bad news attached to this new discovery. “The good news is we can easily obtain root on these devices and the bad news is there is no control over it.”
One of the developers at the XDA forum, Chainfire, has already released an app based on the kernel exploit. “ExynosAbuse,” the newly released 1-click APK, uses the exploit in question to root a device with just a single click of a button.
On the flip side, alephzain pointed out that RAM dumps, kernel code injection and other harm could be possible through apps installed from the Play Store. Although there are many ways to inflict harm, Samsung has just provided yet another easy one, making the security hole more dangerous and exposing the phone to malicious apps.
What Should You Do?
Users are urged to check whether their devices are affected. Moreover, users running a custom ROM to get away from TouchWiz are advised to contact their ROM developer and see if that ROM's kernel is affected.
“If you're using a stock device and it's affected by this, your phone won't suddenly go rogue all on its own. You'll need to be mindful of what you're downloading and installing, especially if you're downloading and installing pirated copies of apps,” Jerry Hildenbrand of Android Central said. “There is no specific app permission to look out for, as any app is able to access the device memory. You'll have to be vigilant -- just like you always should be.”
Meanwhile, an XDA Developers forum member, Supercurio, has already released a quick and easy app that is claimed to patch the kernel exploit. The app will confirm whether the device is vulnerable and will close the exploit without requiring root access.
Below are the details of the free fix app, as provided by Supercurio.
Characteristics of this app:
- Works on any device, lets you know if your system is vulnerable
- Doesn’t require root to apply the fix
- Doesn’t modify your system, copy files or flash anything
- Fix can be enabled or disabled at will
- Breaks proper function of the Front camera on Galaxy S3 Samsung official firmware when activated
- Might alter HDMI output functions on some devices (not confirmed)
- Cannot protect effectively against potential attacks (typically, on boot)
- The real fix by manufacturers or some carefully written custom kernels will indeed be the only true solutions to this vulnerability
- Comes without any kind of support or warranty
You can download the app here.
It should be noted here that devices like the Nexus 10 are safe since they are powered by an Exynos 5 processor, not the Exynos 4.