Samsung Galaxy Note 2 & S3 app attacks and malicious code
It appears that old Sammy might have a bit of a vulnerability problem with their devices that use the Exynos 4 processors such as the very popular Samsung Galaxy S3 and the Samsung Galaxy Note 2, which might have a security hole that makes them vulnerable to app based attacks or even place malicious code right into the kernel.
According to a report by the Boy Genius Report, the potential problem was unearthed by alephzain, a member of the XDA-developers Forum who claims that a Google Play app could have the potential to access info from the device’s RAM or inject malicious code directly into its kernel, and apparently this vulnerability could possibly affect all devices that sport an Exynos 4210 or 4412 processor.
The hacker discovered the issue when he was trying to find new ways to root the Samsung Galaxy S3 without ODIN flashing, and says that the Samsung Galaxy S2 and Meizu MX could also be affected, whilst noting that root can be obtained easily on these devices, but the bad news is there’s no control over it.
The hacker also says that the security hole is a dangerous one and exposed handsets to malicious code, whilst exploitation with native C and JNI is also feasible.
However, according to an article over on Cnet, it appears some users have been able to close the hole by tinkering with their smartphone, but altering their handset’s code seems to disable the camera on the Samsung Galaxy S3.
Cnet got in contact with Samsung about the matter, and Sammy claims they are currently conducting an internal review, although they haven’t said just how long that internal review will take and if or when a fix for this security issue with Galaxy devices will be delivered.
With devices it is expected there will be problems in code, but it is down to the handset maker to ensure a customer isn’t exposed to this kind of thing. This is not the first security problem to hit Samsung Galaxy range of devices because earlier in the year it was found that several TouchWiz enables handsets could possibly be wiped when visiting a web page that contained simple script, although that particular problem was fixed with and OTA update shortly after discovery.
So there you have it, if you own the Samsung Galaxy S3, S2, or Galaxy Note let’s hope that Samsung can deliver a fix for this latest security issue as soon as possible.