The Inquirer-Home

Security hole in Samsung Galaxy devices lets hackers remotely access and modify data

Pre-installed backdoor affects Galaxy S, S2, S3, Note, Note 2 and Nexus S
Thu Mar 13 2014, 12:06
Galaxy Note 2 smartphone with S Pen

A BACKDOOR found in Samsung Galaxy smartphones and tablets allows hackers to remotely access and modify data, a security firm has claimed.

Paul Kocialkowski, a developer at Replicant OS - a free mobile operating system based on Android - uncovered the backdoor, which he said was pre-installed on Samsung Galaxy devices as well as the Samsung-built Google Nexus S, providing remote access to all the data in the device.

Kocialkowski explained in a blog post that this is possible due to smartphones coming with two separate processors, one for general-purpose applications that runs Android under Linux and the other one, known as the modem, which is answerable to communications with the network provider.

"While working on Replicant, we discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system," the researcher said.

"This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write, and delete files on the phone's storage. On several phone models, this program runs with sufficient rights to access and modify the user's personal data."

Samsung devices thought to be affected by this backdoor are the Google Nexus S made by Samsung, the Samsung Galaxy S, Galaxy S2, Galaxy S3, Galaxy Note, Galaxy Tab 2 and Galaxy Note 2.

"The incriminated RFS messages of the Samsung IPC protocol were not found to have any particular legitimacy nor relevant use-case. However, it is possible that these were added for legitimate purposes, without the intent of doing harm by providing a backdoor," he added.

"However, some RFS messages of the Samsung IPC protocol are legitimate (IPC_RFS_NV_READ_ITEM and IPC_RFS_NV_WRITE_ITEM) as they target a very precise file, known as the modem's NV data."

Replicant has published a patch for users who want to fix the backdoor vulnerability. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Existing User
Please fill in the field below to receive your profile link.
Sign-up for the INQBot weekly newsletter
Click here
INQ Poll

Microsoft Windows 10 poll

Which feature of Windows 10 are you most excited about?