Dev.SN

Backdoor Found in Samsung Galaxy Devices

posted by LaminatorX on Thursday March 13 2014, @10:12AM   
from the either-a-benefit-or-a-hazard dept.

Rashek writes:

"The developers of Replicant, a pure Free-Software version of Android, claim to have discovered a security flaw in certain Samsung Galaxy phones and tablets . One so serious that it could potentially grant an attacker remote access to the device's file system.

The flaw lies in the software that enables communication between the Android OS and the device's radio modem, according to the Replicant project's Paul Kocialkowski. More information can be found at replicant's website."

• This is a full file server (Score: 5, Interesting) by Rich on Thursday March 13 2014, @05:37PM

  by Rich (945) on Thursday March 13 2014, @05:37PM (#16092)

  I've read the original article (linked last in the news post). This doesn't look like an odd "back door" where one can sneakily get in. It seems to implements the methods of a full blown file server, up to the point of "IPC_RFS_FTRUNCATE_FILE". "RFS" probably means "Remote File System". If I was to implement a back door, I probably would've done it though "unchecked" semantics of the NV memory r/w bit.

  I can only imagine that they wanted to mount a full file system on the baseband cpu for whatever reason and were braindead about the implications it would have. They even might have noticed and tried to migitate it somewhat, because the root access was dropped after the original I9000.

  The truly paranoid now could argue that it's a new mode of deniability by hiding in plain sight: "This hole is SO big, no one with a sane mind would create a hole THAT big, if they just wanted a little backdoor"

  Starting Score:	1		point
  Moderation		+4
  Interesting=3, Informative=1, Total=4
  Extra 'Interesting' Modifier		0
  Total Score:		5