Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,730,261 Members 51,559 Now Online
XDA Developers Android and Mobile Development Forum

Samsung Galaxy Security Alert: Android Backdoor Discovered

Tip us?
 
ciphercodes
Old
#1  
Senior Member - OP
Thanks Meter 229
Posts: 459
Join Date: Oct 2012
Default Samsung Galaxy Security Alert: Android Backdoor Discovered

Hi,
I came across this article and wanted to share with you all.
http://www.informationweek.com/secur...d/d-id/1127675

Highlights of this article:
Attackers can remotely exploit a software-based backdoor -- present in at least nine different models of Samsung smartphones and tablets -- to steal files and location data or surreptitiously activate a microphone or camera.

Radio modems on some Samsung devices can execute remote file system (RFS) commands.

This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write, and delete files on the phone's storage," he added. "On several phone models, this program runs with sufficient rights to access and modify the user's personal data."

The backdoor could be used by any remote attacker -- such as criminals or intelligence agencies -- to turn the devices into remote spying tools. "The spying can involve activating the device's microphone, but it could also use the precise GPS location of the device and access the camera, as well as the user data stored on the phone," he said. "Moreover, modems are connected most of the time to the operator's network, making the backdoors nearly always accessible."

List of affected devices:
According to Replicant, so far it's identified nine different types of Samsung devices that have the vulnerability. It cautioned that more devices may be affected.
Nexus S
Galaxy S
Galaxy S 2
Galaxy Note
Galaxy Nexus
Galaxy Tab 2 7.0
Galaxy Tab 2 10.1
Galaxy S 3
Galaxy Note 2

Fix/Workaround:
There isn't any for now but you can follow some basic safety measures.
1) Keep SE-Linux mode to Enforcing
2) Do not install applications from untrusted sources. This is configured by default under :Settings->Security->Device Administration->Unknown Sources.
3) Always verify the permissions the application is requesting.
4) Av's help in atleast verifying the apk's and there are applications to detect adnetworks like (Lookout,Symantec,TrustGo Ad detectors, etc).
 
Elzbach
Old
#2  
Elzbach's Avatar
Junior Member
Thanks Meter 3
Posts: 15
Join Date: Mar 2014
Thankfully Replicant closes this backdoor in their ROM.
 
jcase
Old
#3  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor
Thanks Meter 6733
Posts: 3,548
Join Date: Feb 2010
Location: Sequim WA

 
DONATE TO ME
This article is FUD, dont even have to take my word on it you can take the word of any number of other security researchers

http://arstechnica.com/security/2014...galaxy-phones/
I'm taking a break of an undetermined length. Please don't contact me about exploits

Something important? jcase@cunninglogic.com
Like Android security topics? Join our G+ community -> https://plus.google.com/communities/...07618051049043
My Bitcoin address : 1Newifz6yETTmbziCsZZstmHHPH6ejNr75
The Following User Says Thank You to jcase For This Useful Post: [ Click to Expand ]
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


XDA PORTAL POSTS

Implement Split View in Your LG G2 KitKat Rom with Automated Installer

Some of you may have remembered a story on the Portal a few weeks back … more

Cast Your Device Screen the Way it Was Meant to be with Second Screen

Not too long ago here on the XDA Portal, we covered how Google had made … more

Samsung Gear Live Unboxed the XDA Way – XDA Developer TV

XDA Developer TV Producer AdamOutleris known for his XDA Unboxingseries where … more

Make Your Own DIY Capacitive Stylus

The XDA Portal is a place where we like to talkabout things that are interesting, fun, and sometimes … more