Suspected Security Hole Found In Many Samsung Devices


Chicog

Another Samsung cock up:

Developer finds vulnerability in Exynos 4-powered devices, including the Galaxy S2 and Galaxy Note, that bypasses system permissions, letting data be extracted from RAM or malicious code be injected.

A suspected security hole affecting a handful of Samsung smartphones could give apps access to user data and leave the handset vulnerable to malicious apps and bricking, according to a developer.

The vulnerability, which was discovered and detailed by an XDA member with the handle "alephzain," lies in Exynos 4, the ARM-based system-on-chip typically found in Samsung smartphones and tablets. Alephzain developed an exploit he said bypasses the system permissions, allowing any app to extract data from the device's RAM or inject malicious code into the kernel.

"The good news is we can easily obtain root on these devices and the bad is there is no control over it," alephzain writes. Alephzain said that he stumbled upon the vulnerability while trying to find a new way to root his Galaxy S3, but that the exploit affects the Galaxy S2, Galaxy Note, and Meizu MX as well. However, the Nexus 10 is unaffected as it uses the Exynos 5 chip.

CNET has contacted Samsung for comment and will update this report when we learn more.


Solution can be found here:

http://project-voodo...ired-reversible

Not ideal, is it?

Limitations:

  • Break proper function of the Front camera on some Galaxy S III and Galaxy Note II Samsung official firmwares when activated.
    Workaround: enable HDR or Low light photography camera mode. Both blend multiple exposures.
  • Might alter MHL/HDMI output functions on some devices (not confirmed)
  • Cannot protect efficiently against some potential attacks (typically, on boot).
    The real fix by manufacturers or some carefully written custom kernels will indeed be the only true solutions to this vulnerability − and won’t introduce any feature regression like this one does with some firmwares on cameras.
  • Comes without any kind of support or warranty.


Or, don't use the stock kernel.

I'm using the Note2Core kernel v2.1

I was using it before the exploit was identified, but it doesn't appear to have the vulnerability.

I'm sure there are other kernels for all of the devices in which the flaw is not existent.

Granted, it shouldn't even be an issue you have to deal with. But it's most likely only going to be a threat to someone downloading a dodgy, or pirated apk to begin with.

In which case, they are probably not running stock anyway.


Or just use the affected Samsung models as normal...don't worry about it unless you start seeing TV news reports about the security flaw.

Seems we see some security notices daily on operating system and/or manufacturer's model XYZ. Heck, I get a bunch of security updates approx twice a month for my Windows 7 operating system, various pieces of Microsoft productivity software (Word, Excel, etc), etc....been going on for years with Microsoft....all these security issues haven't affected me yet nor I expect the other 99.9 plus percent of folks using Microsoft. I know we are talking an Android device; just using Microsoft as an example. Expect Android devices will have security issues....also Apple devices...also XYZ devices/systems...etc...etc....etc.


Or just use the affected Samsung models as normal...don't worry about it unless you start seeing TV news reports about the security flaw.

Seems we see some security notices daily on operating system and/or manufacturer's model XYZ. Heck, I get a bunch of security updates approx twice a month for my Windows 7 operating system, various pieces of Microsoft productivity software (Word, Excel, etc), etc....been going on for years with Microsoft....all these security issues haven't affected me yet nor I expect the other 99.9 plus percent of folks using Microsoft. I know we are talking an Android device; just using Microsoft as an example. Expect Android devices will have security issues....also Apple devices...also XYZ devices/systems...etc...etc....etc.

The difference is that this is out there with the exploit.


Update from Trend..

Trend Micro updates security app to detect Samsung attacks

Samsung has yet to patch the flaw, which can allow a malicious application to access a device's entire memory

By Jeremy Kirk, IDG News Service | Security

December 18, 2012, 10:19 PM

Trend Micro has updated its mobile security software to detect potential attacks on several Samsung Electronics devices that have a flaw that could allow a malicious application to access all of the phone's memory.

The company's Mobile Security product now contains a "pattern" that will detect if an application attempts to exploit the flaw, which it called as serious as a "remote code execution vulnerability on Windows."

The vulnerability, described by Lookout Mobile Security as a failure to restrict kernel address space mapped to userspace via /dev/exynos-mem, is present in devices that use Samsung's 4210 and 4412 Exynos processors. Samsung has not publicly commented on the problem, and it remains unpatched.

Vulnerable devices include versions of Samsung's S2 and S3 mobile phones, as well as the Galaxy Note, Note II, Note Plus and Note 10.1.

Jonathan Leopando, a technical communications specialist with Trend Micro, said in an interview that the company has not found an example of a malicious application in the wild using the vulnerability but one will likely be found "sooner or later."

"We also believe that because of the popularity of the devices that are affected by this vulnerability that the impact could be significant," Leopando said.

After the vulnerability was described on the XDA Developers forum on Sunday, a user by the nickname "Chainfire" posted an Android application package (.apk) file that successfully exploits it.

The application has also been engineered to disable the exploit, but that function can cause other problems, such as the device's camera to stop working.

Lookout advised that "until an official device patch is released, we urge consumers with vulnerable devices to exercise caution when downloading and installing applications."


Samsung promises fix for vulnerability in Android devices

The vulnerability, which could allow access to the entire memory of a device, affects a range of Samsung devices

By Jeremy Kirk

Thu, December 20, 2012

IDG News Service — Samsung said Wednesday it is working on an update for a software flaw that could allow attackers to siphon personal data from a phone.

The vulnerability affects Samsung's S2 and S3 phones and several models of its Galaxy line, including the Note, Note II, Note Plus and Note 10.1, all of which use the Korean company's Exynos 4210 and 4412 model processors.

The flaw and an exploit were disclosed on Sunday on XDA Developers, a forum for mobile developers. Samsung's engineers apparently made a poor configuration mistake involving the Android kernel and failed to restrict kernel address space mapped to userspace via the /dev/exynos-mem device driver.

An application incorporating the exploit was created by a developer nicknamed Chainfire on the forum.

Chainfire's application allows users to modify the phone to make the exploit ineffective, but the fix also disables a device's camera in some instances depending on the device's firmware version.

Chainfire warned that other application-based fixes that have been developed are seriously flawed, so users should not depend on those to provide protection until Samsung issues an update.

"The only true solution is a kernel fix that simply removes the exploitable memory device, but that requires a non-universal device update," Chainfire wrote.

Samsung downplayed the seriousness of the issue, saying in a statement that "the issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications."

Samsung's devices can be updated over the air by operators, or users can do it with a desktop computer using the company's Kies software, according to a spokesman.

Android applications submitted to Google's Play store are checked for malicious behavior, but there are many websites around the Internet offering Android applications, many of which purport to be legitimate but are actually malicious software and could incorporate this exploit.

Since an exploit has been published, Trend Micro said on Wednesday that it is only a matter of time before hackers begin to use it. Samsung said it "will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices." It did not specify when the fix would be available.

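A defender-side check for the condition the two articles above describe, added here as an example and not taken from the thread, from Chainfire's app or from Samsung: it reports whether a device node such as /dev/exynos-mem is absent, restricted, or accessible to unprivileged users. The function names are hypothetical, and it assumes the exposure shows up in the node's "other" permission bits, which the articles do not state.

```shell
#!/bin/sh
# Added example: audit a device node for access by unprivileged ("other") users.
# Assumption: exposure is visible as read/write bits for "other" on the node;
# the articles name the node but do not give its mode.

# classify_node PATH -> prints one of: absent | restricted | exposed
classify_node() {
    node=$1
    if [ ! -e "$node" ]; then
        echo absent    # node removed, the kernel-level fix Chainfire describes
        return 0
    fi
    # ls -ld prints a mode string such as "crw-rw-rw-" in columns 1-10;
    # columns 8-9 are the read and write bits for "other".
    other=$(ls -ld "$node" | cut -c8-9)
    case $other in
        --) echo restricted ;;
        *)  echo exposed ;;
    esac
}

# audit_nodes PATH... -> one "state path" line per node; status 1 if any exposed
audit_nodes() {
    rc=0
    for n in "$@"; do
        state=$(classify_node "$n")
        printf '%s %s\n' "$state" "$n"
        if [ "$state" = exposed ]; then
            rc=1
        fi
    done
    return $rc
}

# Check the node named in the articles when run from a device shell.
audit_nodes /dev/exynos-mem || echo "unprivileged access possible"
```

A "restricted" result only says that arbitrary apps cannot open the node; components that legitimately use it still can, which is consistent with the camera regressions reported when access is blocked outright.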

Ain't this just saying you'll be OK as long as you don't get the malware...so keep your fingers crossed. But to be fair it's also saying download your Apps from well managed sites like Google Play and you'll be fine until we get the security update/fix pushed out.

Samsung downplayed the seriousness of the issue, saying in a statement that "the issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications."


I'm just not downloading rogue apps.

And how do you know that? Do all rogue apps have the title "rogue" in them? Or are you just putting all your faith in google that no apps on the appstore might be "rogue"?

is akin to saying.. "yeah, I don't need a condom, I just don't sleep with bargirls".

Edited by Jayman

I'm just not downloading rogue apps.

And how do you know that? Do all rogue apps have the title "rogue" in them? Or are you just putting all your faith in google that no apps on the appstore might be "rogue"?

is akin to saying.. "yeah, I don't need a condom, I just don't sleep with bargirls".

I'm putting my faith in the fact that I know the difference between a good 'un and a bad 'un.

And in fairness I have all the apps I need and AVG says they are OK.

I certainly wouldn't put my faith in an app that admits it isn't 100% protection and knackers other features.


I'm just not downloading rogue apps.

And how do you know that? Do all rogue apps have the title "rogue" in them? Or are you just putting all your faith in google that no apps on the appstore might be "rogue"?

is akin to saying.. "yeah, I don't need a condom, I just don't sleep with bargirls".

I'm putting my faith in the fact that I know the difference between a good 'un and a bad 'un.

And in fairness I have all the apps I need and AVG says they are OK.

I certainly wouldn't put my faith in an app that admits it isn't 100% protection and knackers other features.

Chainfire's patch closes the exploit. It is not an ideal situation which would be to remove the exploit from the rom itself. The loss of feature (just one) does not affect all devices. I feel better having the exploit closed than leaving it open and hoping that it's not exploited.


Chainfire's patch closes the exploit. It is not an ideal situation which would be to remove the exploit from the rom itself. The loss of feature (just one) does not affect all devices. I feel better having the exploit closed than leaving it open and hoping that it's not exploited.

Which is fairy nuff.
