Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,732,170 Members 43,579 Now Online
XDA Developers Android and Mobile Development Forum

[SECURITY] Vulnerability workaround for ExynosAbuse exploit, no root required

Tip us?
 
supercurio
Old
(Last edited by supercurio; 17th December 2012 at 03:54 PM.)
#1  
supercurio's Avatar
Senior Recognized Developer - OP
Thanks Meter 5070
Posts: 3,529
Join Date: May 2010
Location: Chambéry

 
DONATE TO ME
Default [SECURITY] Vulnerability workaround for ExynosAbuse exploit, no root required

Because an exploit and vulnerability has been released long before vendors had a chance to fix it and distributes patches, I though it could be useful to develop an app that regular people, who don't necessarily want to root or mod their devices can install to avoid being vulnerable.

Vulnerability and exploit by alephzain : http://forum.xda-developers.com/show....php?t=2048511
The application page on my blog



Characteristics of this app:
  • Works on any device, let you know if your system is vulnerable
  • Doesn’t require root to apply the fix
  • Doesn’t modify your system, copy files or flash anything
  • Fix can be enabled or disable at will
  • Free of charge

Limitations:
  • Break proper function of the Front camera on some Galaxy S III and Galaxy Note II Samsung official firmwares when activated.
  • Might alter MHL/HDMI output functions on some devices (not confirmed)
  • Cannot protect efficiently against some potential attacks (typically, on boot).
  • The real fix by manufacturers or some carefully written custom kernels will indeed be the only true solutions to this vulnerability − and won’t introduce any feature regression like this one does with some firmwares on cameras.
  • Comes without any kind of support or warranty.
The Following 19 Users Say Thank You to supercurio For This Useful Post: [ Click to Expand ]
 
ss2i9100g
Old
(Last edited by ss2i9100g; 17th December 2012 at 02:18 AM.)
#2  
Senior Member
Thanks Meter 18
Posts: 121
Join Date: Oct 2011
I can't see the download link!
Thanks for the quick response

V0.2 download link is down on your blog
 
OmahaBasil
Old
#3  
Junior Member
Thanks Meter 0
Posts: 1
Join Date: Dec 2012
Exclamation SPH-L710 is unaffected

It looks like my Samsung Galaxy S III is unaffected by this exploit. I have the Sprint version (SPH-L710). Either Samsung pushed an update or it isn't affected on this model.
 
Riio
Old
#4  
Riio's Avatar
Junior Member
Thanks Meter 6
Posts: 25
Join Date: Aug 2010
Thanks for the fix, greatly appreciated! As warned, it breaks camera functionality on my International Note 2 (N7100), green screen instead of normal view.
 
BZJoe
Old
#5  
Junior Member
Thanks Meter 0
Posts: 6
Join Date: Aug 2007
Location: New York
Default AT&T GS2 tested - not affected

I just downloaded and ran your app. It reported my AT&T GS2 as not affected. Thank you for doing this app.
 
TrayLunch
Old
(Last edited by TrayLunch; 17th December 2012 at 06:11 AM.)
#6  
TrayLunch's Avatar
R.I.P.
Thanks Meter 1826
Posts: 2,225
Join Date: Apr 2012
Location: Houston
Quote:
Originally Posted by OmahaBasil View Post
It looks like my Samsung Galaxy S III is unaffected by this exploit. I have the Sprint version (SPH-L710). Either Samsung pushed an update or it isn't affected on this model.
Quote:
Originally Posted by BZJoe View Post
I just downloaded and ran your app. It reported my AT&T GS2 as not affected. Thank you for doing this app.
Neither of your phones have Exynos processors. The international GS2&3 and the Sprint variant of the GS2 are a few of the susceptible devices.

Elite Tester for Mijjz Goodness


---------- Post added at 10:25 PM ---------- Previous post was at 10:22 PM ----------

Quote:
Originally Posted by supercurio View Post
Because an exploit and vulnerability has been released long before vendors had a chance to fix it and distributes patches, I though it could be useful to develop an app that regular people, who don't necessarily want to root or mod their devices can install to avoid being vulnerable.

Vulnerability and exploit by alephzain : http://forum.xda-developers.com/show....php?t=2048511
The application page on my blog



Characteristics of this app:
  • Works on any device, let you know if your system is vulnerable
  • Doesn’t require root to apply the fix
  • Doesn’t modify your system, copy files or flash anything
  • Fix can be enabled or disable at will
  • Free of charge

Limitations:
  • Break proper function of the Front camera on Galaxy S III Samsung official firmwares when activated
  • Might alter HDMI output functions on some devices (not confirmed)
Glad folks like you are out there making up for others irresponsible actions. This is probably the exploit used to hack phantom phaker's E4GT, and that guy is a scripting genius.

Elite Tester for Mijjz Goodness
The Following 2 Users Say Thank You to TrayLunch For This Useful Post: [ Click to Expand ]
 
chyckyn
Old
#7  
Junior Member
Thanks Meter 8
Posts: 25
Join Date: May 2011
Location: St John's
Quote:
Originally Posted by TrayLunch View Post
Neither of your phones have Exynos processors. The international GS2&3 and the Sprint variant of the GS2 are a few of the susceptible devices.
You are INCORRECT, the ORIGINAL AT&T S2 "I777" is an exact replica of the international except for the capacitive buttons....He knows what he's saying it is an EXYNOS device!!!!

http://www.gsmarena.com/samsung_gala..._i777-4130.php
PHONES
Samsung Captivate Glide
ROM: Captivate UX "My Own modified stock ICS with TW5"
Kernel: Stock

Samsung Galaxy Note II T-Mobile
ROM:N7105 XXDMC3
Kernel: Stock

Samsung Omnia 7 16GB
Rom: Stock

Droid Razr XT912
ROM: Stock JB
Kernel: Stock
 
thedicemaster
Old
#8  
Senior Member
Thanks Meter 261
Posts: 759
Join Date: May 2009
the galaxy camera also has this vulnerability, but the camera function still works fine after applying your fix.
The Following User Says Thank You to thedicemaster For This Useful Post: [ Click to Expand ]
 
BrainOfSweden
Old
#9  
Member
Thanks Meter 1
Posts: 34
Join Date: Apr 2010
Thanks for such a quick fix. The app says my SGS2 is vulnerable, so I activated it instantly. Good thing both cameras function properly. Is there anything else that could malfunction with the fix applied?
baz77 Old
(Last edited by baz77; 17th December 2012 at 05:49 PM.)
#10  
Guest
Thanks Meter
Posts: n/a
why does this app need Internet access permissions? ^^

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes