- Repair iPhone 5: It’s easier to repair an iPhone 5 than its predecessors
- Sony Xperia Tablet Z releasing soon, specs, coming with Android 4.1 Jelly Bean
- AT&T Bound HTC Radiant, Pictures Leak
- T-Mobile iPhone 5 Update – T-Mobile USA Opens Pre-Orders For iPhone 5
- Latest Apple iMac Wi-Fi update now available to download and upgrade
An alleged error in Samsung’s execution of the Android kernel can lead to malicious apps gaining control over user devices. This chink in the armor was revealed by user “alephzain” on mobile developer forum XDA Developers. The flaw can make devices such as Samsung Galaxy S2 and Samsung Galaxy Note 2 which use the dual core, fourth-generation Exynos chips particularly vulnerable.
The Samsung devices such as the Galaxy S2 and the Galaxy Note 2 uses the Arm based system on a chip. The latest version of the chip is the Exynos 5 which is clocked at speeds of 1.7 GHz and also includes the latest ARM Cortex –A15 architecture and the GPU are a quad core ARM Mali T604. The Samsung Chromebook also uses the latest generation Exynos
Exynos is Samsung’s ARM-based system on a chip. The newest version of the chip, the Exynos 5 — or 5250 — is clocked at speeds of 1.7Ghz and encompasses the latest ARM Cortex-A15 architecture, as well as an ARM Mali T604 quad-core graphics processing unit (GPU). The latest version of Exynos has also recently been used in the latest-generation Samsung Chromebook.
Alephzain goes on to describe their findings: “The security hole is in kernel, exactly with the device /dev/exynos-mem, a huge mistake. The good news is we can easily obtain root on these devices, and the bad is there is no control over it. Ram dump, kernel code injection and others could be possible via app installation from Play Store. It certainly exists many ways to do that, but Samsung give an easy way to exploit. This security hole is dangerous and exposes phone to malicious apps. Exploitation with native C and JNI could be easily feasible.”
No sooner alephzain had provided the details of the security flaw, another forum member Chainfire provided an Android application package which makes use of this security loop hole. Chainfire also cautioned the public of this loophole and said that any app can get the root without permission on the vulnerable device.
The devices, which will be affected, are the Samsung Galaxy S2, Samsung Galaxy Note 2, Samsung Galaxy Note 10.1 and Samsung Galaxy Tab Plus. The community has already informed the South Korean techno giant, and it is hoped that Samsung will issue a fix if the claims are true. Android OS has been a target of numerous hacking attempts which use codes disguised as applications and steal data without the user’s knowledge.