Stories
Slash Boxes
Comments

Dev.SN ♥ developers

Backdoor Found in Samsung Galaxy Devices

posted by LaminatorX on Thursday March 13 2014, @10:12AM   Printer-friendly
from the either-a-benefit-or-a-hazard dept.

Rashek writes:

"The developers of Replicant, a pure Free-Software version of Android, claim to have discovered a security flaw in certain Samsung Galaxy phones and tablets . One so serious that it could potentially grant an attacker remote access to the device's file system.

The flaw lies in the software that enables communication between the Android OS and the device's radio modem, according to the Replicant project's Paul Kocialkowski. More information can be found at replicant's website."

 
This discussion has been archived. No new comments can be posted.
Backdoor Found in Samsung Galaxy Devices | Log In/Create an Account | Top | 1000 moderator points   | 23 comments | Search Discussion
Display Options Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3) by Open4D on Thursday March 13 2014, @12:01PM

    by Open4D (371) on Thursday March 13 2014, @12:01PM (#15931) Journal

    It seems from the Replicant webpage that the starting directory for access is /efs/root/ I don't know what this is exactly but it seems to be the kind of thing that the radio modem possibly should be able to get to.

    But Replicant have used "../.." as a circumvention measure. So they can get access to path /data/radio/test using a request for this: ../../data/radio/test"

    If the Samsung coder claimed to have mistakenly not accounted for the awesome power of "../.." - I would just about find that plausible - albeit with a heavy heart.

    Starting Score:    1  point
    Moderation   +1  
       Underrated=1, Total=1
    Karma-Bonus Modifier   +1  
    Total Score:   3