posted by LaminatorX on Thursday March 13 2014, @10:12AM   Printer-friendly
from the either-a-benefit-or-a-hazard dept.

Rashek writes:

"The developers of Replicant, a pure Free-Software version of Android, claim to have discovered a security flaw in certain Samsung Galaxy phones and tablets. One so serious that it could potentially grant an attacker remote access to the device's file system.

The flaw lies in the software that enables communication between the Android OS and the device's radio modem, according to the Replicant project's Paul Kocialkowski. More information can be found at replicant's website."

  • (Score: 5, Funny) by ikanreed on Thursday March 13 2014, @10:14AM

    by ikanreed (3164) on Thursday March 13 2014, @10:14AM (#15873)

    Unfortunately the prize is just a vague sense of impossible-to-pin-down paranoia.

    • (Score: 2) by Sir Garlon on Thursday March 13 2014, @10:37AM

      by Sir Garlon (1264) on Thursday March 13 2014, @10:37AM (#15886)

      I disagree. Confirmation bias is its own reward: it feels so good to jump to the conclusion that you're right!

      --
      [Sir Garlon] is the marvellest knight who is now living, for he destroyeth many good knights, for he goeth invisible.
  • (Score: 5, Interesting) by jasassin on Thursday March 13 2014, @10:40AM

    by jasassin (3566) on Thursday March 13 2014, @10:40AM (#15888) Journal

    The NSA knows every bit of information that's been in and out of every phone anyway. Let them hax0r my Angry Birds. I just get a kick out of this current inter-agency fighting in the US with the CIA and Congress supposedly hacking each other's computers. It's all fun and games until someone is spying on you. Most representatives seem to have the mentality of children. The game's fun until someone starts using your favorite toy.

    • (Score: 3, Interesting) by danomac on Thursday March 13 2014, @12:31PM

      by danomac (979) on Thursday March 13 2014, @12:31PM (#15954)
      I was thinking this may be the locate phone/remote wipe feature that Samsung was advertising for their phones. Although it could be for something else.
  • (Score: 4, Interesting) by d on Thursday March 13 2014, @10:45AM

    by d (523) on Thursday March 13 2014, @10:45AM (#15893)

    On LWN.net, I jumped straight away with a comment like "I'm not going to buy from them again" (would be quite hard to live without gorilla glass, I guess). Then I read up about the backdoor and it's not exactly clear to me if it's by design or just a stupid mistake. Which brings me to an interesting mind experiment - given that we have no source code, how could we tell that it's not a plausibly deniable backdoor, what kind of proof or argument would be convincing enough? And how could we make it much harder to let this kind of error slip by?

    The problem I see is that I find it really hard to imagine open sourcing the modem software today. I mean, don't get me wrong, I'm all about FLOSS, but I guess that there's some reason why it didn't happen yet and I guess that we'd need to fight this reason first.

    • (Score: 5, Funny) by stormwyrm on Thursday March 13 2014, @11:02AM

      by stormwyrm (717) on Thursday March 13 2014, @11:02AM (#15901)

      Any sufficiently advanced incompetence is indistinguishable from malice.

      --
      Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
    • (Score: 5, Interesting) by Nerdfest on Thursday March 13 2014, @11:44AM

      by Nerdfest (80) on Thursday March 13 2014, @11:44AM (#15921)

      If it turns out it is intentional, it's quite a knock against buying from them in the future, especially if it turns out it's not being patched. Intentionally leaving a backdoor in something like this puts them up there with RSA in the trust category.

      • (Score: 3, Informative) by d on Thursday March 13 2014, @11:50AM

        by d (523) on Thursday March 13 2014, @11:50AM (#15926)

        Or Sony:

        https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal [wikipedia.org]

        (I especially recommend the "Company and press reports" section).

        • (Score: 1, Offtopic) by Nerdfest on Thursday March 13 2014, @12:05PM

          by Nerdfest (80) on Thursday March 13 2014, @12:05PM (#15937)

          I think we're at the point that one need not even mention Sony on this site for an example of a company that can't be trusted. They're pretty much the poster child.

          • (Score: 5, Informative) by edIII on Thursday March 13 2014, @12:40PM

            by edIII (791) on Thursday March 13 2014, @12:40PM (#15963)

            Never forget this. Ever.

            It will not lose that revenue stream, no matter what... Sony is going to take aggressive steps to stop this. We will develop technology that transcends the individual user. We will firewall Napster at source - we will block it at your cable company. We will block it at your phone company. We will block it at your ISP. We will firewall it at your PC... These strategies are being aggressively pursued because there is simply too much at stake

            -- Sony Pictures Entertainment US senior VP Steve Heckler

            These people are diametrically opposed to freedom. There are no common carriers. They will somehow control, either through acquisitions, legal threats, or legislation the very pipes we communicate on to control us.

            If that doesn't work.. they will (emphasis his) control our computers and prevent us from accessing content they find objectionable.

            There is simply too much money at stake for them to act otherwise.

            Never forget this. Never buy Sony. Not ever. Not even an automatic blowjob machine with self-cleaning attachments and a drip tray.

    • (Score: 3) by Open4D on Thursday March 13 2014, @12:01PM

      by Open4D (371) on Thursday March 13 2014, @12:01PM (#15931) Journal

      It seems from the Replicant webpage that the starting directory for access is /efs/root/ I don't know what this is exactly but it seems to be the kind of thing that the radio modem possibly should be able to get to.

      But Replicant have used "../.." as a circumvention measure. So they can get access to path /data/radio/test using a request for this: ../../data/radio/test

      If the Samsung coder claimed to have mistakenly not accounted for the awesome power of "../.." - I would just about find that plausible - albeit with a heavy heart.

  • (Score: 1) by dublet on Thursday March 13 2014, @11:10AM

    by dublet (2994) on Thursday March 13 2014, @11:10AM (#15904)

    Was this backdoor found using Grindr?

    Taxi!

  • (Score: 5, Insightful) by MrGuy on Thursday March 13 2014, @12:06PM

    by MrGuy (1007) on Thursday March 13 2014, @12:06PM (#15939)

    Curious whether people feel "back door" is used correctly here.

    The way I'm used to it being used, a back door was only called such if it was a deliberate creation of the programmers, as a deliberate way to bypass the access controls. A security flaw that allowed access (e.g. a buffer overrun) wasn't called a "back door."

    On the other hand, calling this a "back door" is descriptive of the level of access it allows - basically bypassing access controls and allowing access to the entire device (as opposed to a security flaw that could simply crash an app or allow access to one specific subset of the phone like the contact list).

    So, I'm conflicted. Thoughts?

    • (Score: 5, Funny) by hybristic on Thursday March 13 2014, @12:25PM

      by hybristic (10) on Thursday March 13 2014, @12:25PM (#15951)

      The only time I ever use the word 'back door' is when my girlfriend has had a few too many drinks! ;P

      But in reality a backdoor is simply any time you bypass normal authentication methods without being detected. Which is why I can only exploit the gf's backdoor when she's drunk; she doesn't log this attempt so it goes unnoticed. So to call this a backdoor is pretty accurate.

  • (Score: 5, Informative) by Angry Jesus on Thursday March 13 2014, @12:11PM

    by Angry Jesus (182) on Thursday March 13 2014, @12:11PM (#15941)

    This isn't the first time that closed-source baseband processors have been identified as a significant security risk on smartphones. [readwrite.com]

  • (Score: 1) by Anonymous Coward on Thursday March 13 2014, @01:04PM

    by Anonymous Coward on Thursday March 13 2014, @01:04PM (#15985)

    I've read through all the links and Paul K's detailed page at Replicant, but I still don't understand who or what exactly has rights to control that modem CPU and firmware and potentially use the backdoor to access other files on the phone.

    My guess would be "only the current cellular data network provider itself". Anyone?

    I have some of the affected handsets; I'm not sure that trusting my cellular network provider not to snoop on my storage (when they're already seeing all my unencrypted traffic) is a terrible thing...

  • (Score: 4, Informative) by sl4shd0rk on Thursday March 13 2014, @01:48PM

    by sl4shd0rk (613) on Thursday March 13 2014, @01:48PM (#16004)

    * the affected radio software is running under the "radio" user.

    http://arstechnica.com/security/2014/03/virtually-no-evidence-for-claim-of-remote-backdoor-in-samsung-galaxy-phones/ [arstechnica.com]

  • (Score: 0) by Freeman on Thursday March 13 2014, @01:55PM

    by Freeman (732) on Thursday March 13 2014, @01:55PM (#16008)

    Alls your devices belongz to us. XD

    --
    To err is human; to really foul things up requires a computer. - Bill Vaughan
  • (Score: 5, Interesting) by SuggestiveLanguage on Thursday March 13 2014, @02:00PM

    by SuggestiveLanguage (1313) on Thursday March 13 2014, @02:00PM (#16011)

    This back-door news is yet another data-point proof that vendor-controlled devices can never, ever be trusted to work in the best interests of the user, nor can they ever be truly owned by the end-user.

    The increasingly hardened firmware on my Galaxy Tab 10.2 has frustrated rooting to the point I'm afraid to seriously try it for fear of bricking the hardware. I naively thought I was purchasing a tool for my exclusive use as a mostly disconnected device and I could simply scrape off the bloatware and install some kind of firewall. Hoo boy was I ever wrong. There is a myriad of uninstallable Samsung and Google adware and spyware constantly running and communicating, ever so eager to sling sub-standard products and phone home with my entire usage history. My only thin strand of control is a software-only "Blocking Mode" and a desktop folder to shovel the crapware out of sight.

    As for hardware control? Forget it. On top of Samsung's aggressive attempts at blocking root access, Android ICS made accessing full USB communication an increasingly obfuscated process, which is never a good sign from any software vendor. Every firmware update brings more uninstallable Samsung-branded bloatware designed to monetize everything I do. I wonder what crapware, spyware or lock-down is bundled in the next software or firmware update and exactly how it's going to worsen my user experience, push products, reduce functionality and force-feed their underwhelming consumer products down my gullet. When called out, Samsung points the finger at Google and Google points the finger at Samsung, but from my perspective they are both playing the same game with the end user.

    At least a rental car doesn't tell me what gas stations to visit...yet. I have less privacy and control and software choice with any tablet on the market than with any of my PCs or Macs. I don't own this device, I'm simply renting it from Samsung (or Apple or whoever) and they could, for all practical purposes, change the software or disable the device at will, forcing me to blow my money to buy a new one.

    Welp, it may be long past time to sell the rental tablet and dust off the ol' x61 tablet and install KDE or Ubuntu's whateveritscalledthisweek. I'm now perfectly willing to put up with a little bulk in exchange for owning my computer.

    • (Score: 2) by stormwyrm on Friday March 14 2014, @12:20AM

      by stormwyrm (717) on Friday March 14 2014, @12:20AM (#16176)

      Which is why, despite my misgivings about Google in general, I bought myself a Nexus 7 the other day to replace my ageing Asus Transformer. Whatever else you might say about the Nexus line, it seems to be true that Google doesn't play those kinds of games you describe to such a great extent on the Nexus devices. I unlocked and rooted it immediately after getting it using a relatively simple procedure (whose main difficulty was getting the correct USB drivers installed on Windows), used some tools to neuter the worst of Google's bloatware, and am shopping around XDA for some decent custom firmware to trim the rest of it off. The only thing I hate about the Nexus devices is the fact that they don't have expandable storage, but that's a small price to pay for being able to retain some level of ownership over my device.

      --
      Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
      • (Score: 2) by Open4D on Friday March 14 2014, @06:07AM

        by Open4D (371) on Friday March 14 2014, @06:07AM (#16254) Journal

        ... although there are 2 Nexus devices on Replicant's list [replicant.us]. The "Nexus S" and its successor the "Galaxy Nexus", both produced jointly by Samsung and Google.

        The only thing I hate about the Nexus devices is the fact that they don't have expandable storage

        Don't forget the non-removable batteries on recent models.

        Still, I agree that Nexus devices [wikipedia.org] are a relatively good bet. If I wanted a tablet device I might well end up with a Nexus.

        For a phone though, I'm aware of some potentially better options, including:
        http://europe.oppostyle.com/ [oppostyle.com]
        http://www.fairphone.com/ [fairphone.com] (Don't necessarily be put off by the awkward website)
        http://neo900.org/ [neo900.org]

  • (Score: 5, Interesting) by Rich on Thursday March 13 2014, @05:37PM

    by Rich (945) on Thursday March 13 2014, @05:37PM (#16092)

    I've read the original article (linked last in the news post). This doesn't look like an odd "back door" where one can sneakily get in. It seems to implement the methods of a full-blown file server, up to the point of "IPC_RFS_FTRUNCATE_FILE". "RFS" probably means "Remote File System". If I was to implement a back door, I probably would've done it through "unchecked" semantics of the NV memory r/w bit.

    I can only imagine that they wanted to mount a full file system on the baseband CPU for whatever reason and were braindead about the implications it would have. They even might have noticed and tried to mitigate it somewhat, because the root access was dropped after the original I9000.

    The truly paranoid now could argue that it's a new mode of deniability by hiding in plain sight: "This hole is SO big, no one with a sane mind would create a hole THAT big, if they just wanted a little backdoor"
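
    An added example, not Replicant's or Samsung's code and not part of this thread: the path confinement Open4D's comment says was missing, next to the naive join that lets "../.." climb out of /efs/root/, plus a toy policy layer for the file-server style operations Rich describes. The base directory and the ../../data/radio/test request are the ones quoted above from the Replicant writeup; the function names, the opcode enum, the read/write-only policy and the modem.cfg filename are assumptions made here for illustration.

```c
/*
 * Added illustration, not Replicant's or Samsung's code: a model of a
 * modem-facing file-request handler that confines every requested path to
 * its base directory. The base (/efs/root) and the escaping request
 * (../../data/radio/test) are the ones the thread cites from the Replicant
 * writeup; the function names, opcode enum and read/write-only policy are
 * assumptions made here for the example.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define RFS_BASE     "/efs/root"
#define RFS_PATH_MAX 256

/* The naive join the comments describe: the request is glued onto the base
 * and handed to the kernel, which resolves the embedded "../.." at open()
 * time. Kept here only as the "before" picture. */
bool rfs_naive_join(const char *req, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s", RFS_BASE, req);
    return n > 0 && (size_t)n < outlen;
}

/* Hardened resolution: lexically normalise the request before it touches the
 * filesystem. Rejects absolute paths, empty requests and any ".." component
 * outright (no popping: a request that needs to climb has no business under
 * a fixed base). Skips "." and repeated slashes. Pure string work, so it is
 * deterministic and easy to test. */
bool rfs_confine_path(const char *req, char *out, size_t outlen)
{
    if (req == NULL || req[0] == '\0' || req[0] == '/')
        return false;

    char rel[RFS_PATH_MAX];
    size_t rlen = 0;
    const char *p = req;

    while (*p != '\0') {
        const char *start = p;
        while (*p != '\0' && *p != '/')
            p++;
        size_t clen = (size_t)(p - start);
        while (*p == '/')
            p++;                                   /* collapse "//" */

        if (clen == 0 || (clen == 1 && start[0] == '.'))
            continue;                              /* "" or "." adds nothing */
        if (clen == 2 && start[0] == '.' && start[1] == '.')
            return false;                          /* the ../.. trick is refused */
        if (rlen + 1 + clen >= sizeof rel)
            return false;                          /* component would overflow */
        rel[rlen++] = '/';
        memcpy(rel + rlen, start, clen);
        rlen += clen;
    }
    rel[rlen] = '\0';
    if (rlen == 0)
        return false;                              /* request named the base itself */

    int n = snprintf(out, outlen, "%s%s", RFS_BASE, rel);
    return n > 0 && (size_t)n < outlen;
}

/* Hypothetical opcode subset modelled on the file-server style operations
 * the thread says the protocol carries. Names chosen here; not real IPC_RFS_* values. */
typedef enum { RFS_OP_READ, RFS_OP_WRITE, RFS_OP_FTRUNCATE, RFS_OP_UNLINK } rfs_op;

/* Policy layer (assumed): the modem may read and write under RFS_BASE and
 * nothing else. Destructive opcodes are refused before the path is looked at. */
bool rfs_request_allowed(rfs_op op, const char *req, char *resolved, size_t n)
{
    if (op != RFS_OP_READ && op != RFS_OP_WRITE)
        return false;
    return rfs_confine_path(req, resolved, n);
}

/* Predicates so callers can check outcomes without managing buffers. */
bool rfs_naive_joins_to(const char *req, const char *expected)
{
    char out[RFS_PATH_MAX * 2];
    return rfs_naive_join(req, out, sizeof out) && strcmp(out, expected) == 0;
}

bool rfs_resolves_to(const char *req, const char *expected)
{
    char out[RFS_PATH_MAX * 2];
    return rfs_confine_path(req, out, sizeof out) && strcmp(out, expected) == 0;
}

bool rfs_allows(rfs_op op, const char *req)
{
    char out[RFS_PATH_MAX * 2];
    return rfs_request_allowed(op, req, out, sizeof out);
}

int main(void)
{
    const char *escape = "../../data/radio/test";    /* the request the thread quotes */
    char out[RFS_PATH_MAX * 2];

    rfs_naive_join(escape, out, sizeof out);
    printf("naive:    %s\n", out);                   /* kernel would resolve this to /data/radio/test */
    printf("confined: %s\n", rfs_confine_path(escape, out, sizeof out) ? out : "REJECTED");
    printf("read modem.cfg:      %s\n", rfs_allows(RFS_OP_READ, "modem.cfg") ? "allowed" : "refused");
    printf("ftruncate modem.cfg: %s\n", rfs_allows(RFS_OP_FTRUNCATE, "modem.cfg") ? "allowed" : "refused");
    return 0;
}
```

    The lexical check is the part that the "Samsung coder forgot about ../.." scenario in the thread would have needed. It is not the whole story on a real device: string normalisation says nothing about symlinks inside the base, so a production handler would additionally open relative to a descriptor for the base directory (openat with O_NOFOLLOW, or equivalent) rather than trusting the assembled string alone, and, as sl4shd0rk's link notes, what the radio user can reach on a given build bounds the damage regardless.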