Exynos kernel exploit could open several Samsung devices to malware or worse

Some bad news is surfacing this weekend for owners of several popular Samsung devices. Members of XDA Developers identified a kernel exploit for devices with certain Exynos processors that could provide root access without flashing the device. According to XDA member alephzain, the vulnerability was discovered on his Samsung Galaxy S III in /dev/exynos-mem. The weakness provides full read/write rights to all physical memory.

XDA member testing has determined the device /dev/exynos-mem is involved in the operation of the camera, graphic memory allocation, and HDMI. Research reveals a change in permissions can plug the hole, but this also seems to have the side-effect of rendering the camera inoperable. Another XDA member, RyanZA, created a small app to toggle the affected device’s permissions between full read/write and read-only.

XDA members have reported the problem to Samsung, but no response or statement has been provided by Samsung yet. At this time, the exploit is believed to only affect devices with the 4210 or 4412 Exynos chipsets. The bad news for Samsung is that several of their top-selling devices are powered by those chips, including the Galaxy S III, the Samsung Galaxy S II, the Samsung Galaxy Note II and the Meizu MX.

No known malicious apps or malware exist that exploit the vulnerability. However, with news breaking about the security hole, harmful code is probably not far behind. Be sure to check back with TalkAndroid as additional information develops.

source: XDA Developers, XDA toggle app
via: The Next Web


About the Author: Jeff Causey

Raised in North Carolina, Jeff Causey is a chief financial officer and licensed CPA in Durham, North Carolina. Jeff has owned an HTC EVO, a Samsung Note II, and a Samsung Galaxy Tablet 10.1. He currently uses an LG G3 and a Nexus 7 (2013). Recently Jeff added Google Glass to his stable of tech gadgets. Unfortunately, his wife and kids have all drunk the Apple Kool-Aid and have i-devices. Life at home often includes demonstrations of the superiority of his Android based devices. In his free time, Jeff is active in his church, a local MINI Cooper car club, and his daughter's soccer club. Jeff is married, has three kids, and a golden retriever.


  • http://twitter.com/piyushr21 Piyush

    Wow another exploit , maybe I should change to apple , nahhh apple is boring love my android

    • doseas

      If this were an Apple product, they’d first deny that an exploit existed, then they’d delay a few weeks to “study” it, and, if you were lucky, release a fix in 6 months or so.
      Since the user community already has an unofficial fix for this issue, I’d expect Samsung to release an official one in the next few days.

      • http://twitter.com/piyushr21 Piyush

        Yeah you maybe right but I am scared will this update go to all Samsung phones ..