Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,782,554 Members 36,215 Now Online
XDA Developers Android and Mobile Development Forum

Samsung Galaxy Security Alert: Android Backdoor Discovered

Tip us?
 
ciphercodes
Old
#1  
Senior Member - OP
Thanks Meter 234
Posts: 471
Join Date: Oct 2012
Default Samsung Galaxy Security Alert: Android Backdoor Discovered

Hi,
I came across this article and wanted to share with you all.
http://www.informationweek.com/secur...d/d-id/1127675

Highlights of this article:
Attackers can remotely exploit a software-based backdoor -- present in at least nine different models of Samsung smartphones and tablets -- to steal files and location data or surreptitiously activate a microphone or camera.

Radio modems on some Samsung devices can execute remote file system (RFS) commands.

This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write, and delete files on the phone's storage," he added. "On several phone models, this program runs with sufficient rights to access and modify the user's personal data."

The backdoor could be used by any remote attacker -- such as criminals or intelligence agencies -- to turn the devices into remote spying tools. "The spying can involve activating the device's microphone, but it could also use the precise GPS location of the device and access the camera, as well as the user data stored on the phone," he said. "Moreover, modems are connected most of the time to the operator's network, making the backdoors nearly always accessible."

List of affected devices:
According to Replicant, so far it's identified nine different types of Samsung devices that have the vulnerability. It cautioned that more devices may be affected.
Nexus S
Galaxy S
Galaxy S 2
Galaxy Note
Galaxy Nexus
Galaxy Tab 2 7.0
Galaxy Tab 2 10.1
Galaxy S 3
Galaxy Note 2

Fix/Workaround:
There isn't any for now but you can follow some basic safety measures.
1) Keep SE-Linux mode to Enforcing
2) Do not install applications from untrusted sources. This is configured by default under :Settings->Security->Device Administration->Unknown Sources.
3) Always verify the permissions the application is requesting.
4) Av's help in atleast verifying the apk's and there are applications to detect adnetworks like (Lookout,Symantec,TrustGo Ad detectors, etc).
 
Elzbach
Old
#2  
Elzbach's Avatar
Junior Member
Thanks Meter 3
Posts: 15
Join Date: Mar 2014
Thankfully Replicant closes this backdoor in their ROM.
 
jcase
Old
#3  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor
Thanks Meter 7,201
Posts: 3,627
Join Date: Feb 2010
Location: Sequim WA

 
DONATE TO ME
This article is FUD, dont even have to take my word on it you can take the word of any number of other security researchers

http://arstechnica.com/security/2014...galaxy-phones/
I'm taking a break of an undetermined length. Please don't contact me about exploits

Something important? jcase@cunninglogic.com
Like Android security topics? Join our G+ community -> https://plus.google.com/communities/...07618051049043
My Bitcoin address : 1Newifz6yETTmbziCsZZstmHHPH6ejNr75
The Following User Says Thank You to jcase For This Useful Post: [ Click to Expand ]
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes