Samsung Galaxy S2, Galaxy Note 2 at Risk, Security Loop found Samsung Devices

An alleged error in Samsung execution of the Android kernel can lead to malicious apps gaining control over user devices. This chink in the armor was revealed by user "alephzain" on mobile developer forum XDA Developers. The flaw can make devices such as Samsung Galaxy S2 and Samsung Galaxy Note 2 which use the dual core, fourth-generation Exynos chips particularly vulnerable.

Pretty Posts

By -

An alleged error in Samsung’s execution of the Android kernel can lead to malicious apps gaining control over user devices. This chink in the armor was revealed by user “alephzain” on mobile developer forum XDA Developers. The flaw can make devices such as Samsung Galaxy S2 and Samsung Galaxy Note 2 which use the dual core, fourth-generation Exynos chips particularly vulnerable.

The Samsung devices such as the Galaxy S2 and the Galaxy Note 2 uses the Arm based system on a chip. The latest version of the chip is the Exynos 5 which is clocked at speeds of 1.7 GHz and also includes the latest ARM Cortex –A15 architecture and the GPU are a quad core ARM Mali T604. The Samsung Chromebook also uses the latest generation Exynos

Exynos is Samsung’s ARM-based system on a chip. The newest version of the chip, the Exynos 5 — or 5250 — is clocked at speeds of 1.7Ghz and encompasses the latest ARM Cortex-A15 architecture, as well as an ARM Mali T604 quad-core graphics processing unit (GPU). The latest version of Exynos has also recently been used in the latest-generation Samsung Chromebook.

Alephzain goes on to describe their findings:  “The security hole is in kernel, exactly with the device /dev/exynos-mem, a huge mistake. The good news is we can easily obtain root on these devices, and the bad is there is no control over it. Ram dump, kernel code injection and others could be possible via app installation from Play Store. It certainly exists many ways to do that, but Samsung give an easy way to exploit. This security hole is dangerous and exposes phone to malicious apps. Exploitation with native C and JNI could be easily feasible.”

No sooner alephzain had provided the details of the security flaw, another forum member Chainfire provided an Android application package which makes use of this security loop hole. Chainfire also cautioned the public of this loophole and said that any app can get the root without permission on the vulnerable device.

The devices, which will be affected, are the Samsung Galaxy S2, Samsung Galaxy Note 2, Samsung Galaxy Note 10.1 and Samsung Galaxy Tab Plus. The community has already informed the South Korean techno giant, and it is hoped that Samsung will issue a fix if the claims are true. Android OS has been a target of numerous hacking attempts which use codes disguised as applications and steal data without the user’s knowledge.

This tech savvy lady from New York is currently pursuing her masters in computer science in LA, CA. She has been writing reviews and articles for different web sites for the last six years, and she is the chief-editor here. She has an in depth knowledge of all the gadgets and apps available.