Exynos kernel exploit could open several Samsung devices to malware or worse

Some bad news is surfacing this weekend for owners of several popular Samsung devices. Members of XDA Developers identified a kernel exploit for devices with certain Exynos processors that could provide root access without flashing the device. According to XDA member alephzain, the vulnerability was discovered on his Samsung Galaxy S III in /dev/exynos-mem. The weakness provides full read/write rights to all physical memory.

XDA member testing has determined the device /dev/exynos-mem is involved in the operation of the camera, graphic memory allocation, and HDMI. Research reveals a change in permissions can plug the hole, but this also seems to have the side-effect of rendering the camera inoperable. Another XDA member, RyanZA, created a small app to toggle the affected device’s permissions between full read/write and read-only.

XDA members have reported the problem to Samsung, but no response or statement has been provided by Samsung yet. At this time, the exploit is believed to only affect devices with the 4210 or 4412 Exynos chipsets. The bad news for Samsung is that several of their top-selling devices are powered by those chips, including the Galaxy S III, the Samsung Galaxy S II, the Samsung Galaxy Note II and the Meizu MX.

No known malicious apps or malware exist that exploit the vulnerability. However, with news breaking about the security hole, harmful code is probably not far behind. Be sure to check back with TalkAndroid as additional information develops.

source: XDA Developers, XDA toggle app
via: The Next Web

» See more articles by Jeff Causey


Google+0Facebook0Twitter119
  • http://twitter.com/piyushr21 Piyush

    Wow another exploit , maybe I should change to apple , nahhh apple is boring love my android

    • doseas

      If this were an Apple product, they’d first deny that an exploit existed, then they’d delay a few weeks to “study” it, and, if you were lucky, release a fix in 6 months or so.
      Since the user community already has an unofficial fix for this issue, I’d expect Samsung to release an official one in the next few days.

      • http://twitter.com/piyushr21 Piyush

        Yeah you maybe right but I am scared will this update go to all Samsung phones ..