Samsung Acknowledges Severe Android Vulnerability - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure // PC & Servers
News
12/20/2012
07:16 AM
Connect Directly
Twitter
Facebook
Google+
LinkedIn
RSS
E-Mail
50%
50%

Samsung Acknowledges Severe Android Vulnerability

A serious vulnerability in the Android kernel for their Exynos processors in many of their phones, including the Samsung Galaxy S3, has been found by the Android hacking community. It may be used by any application to root (jailbreak) or unroot the device, brick it or even silently modify arbitrary memory or other applications.

A vulnerability in the Samsung Exynos Android kernel was recently found by a developer xda-developers group. Samsung has acknowledged the vulnerability and promised a software update to fix it as soon as possible.

Exynos is an ARM SoC (System on Chip) used in many of their devices, including the Galaxy S3, the Galaxy Note 2, and a few non-Samsung products such as the Lenovo LePhone.

The vulnerability gives the program complete access to device RAM and is being used for rooting devices, but can also be used by a malicious app to take control of the device, disable (brick) it or even silently modify arbitrary memory or other applications.

Samsung issued a statement about the flaw to Android Central:

Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.

The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications.

Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices.

As Samsung says, users who stick to legitimate apps from legitimate sources are unlikely to encounter this problem, but there have been many cases of malicious software being successfully submitted to the Google Play store.

Hat tip to the many Android-focused sites I linked to above and, originally, to Mikko Hypponen of F-Secure on Twitter.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Enterprise Guide to Edge Computing
Cathleen Gagne, Managing Editor, InformationWeek,  10/15/2019
News
Rethinking IT: Tech Investments that Drive Business Growth
Jessica Davis, Senior Editor, Enterprise Apps,  10/3/2019
Slideshows
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll