Exynos 4 critical security hole affects many Galaxy devices
Details of a security hole that allows for a full root exploit on Android devices based on Samsung's Exynos 4 processor were released over the weekend by a member of the xda-developers forum. Device that use Exynos 4210 and 4412 chips are affected; this includes the international versions of the Samsung Galaxy SII, SIII, Note and Note II. Several of Samsung's Galaxy tablets such as the Galaxy Tab 7.7 and the Galaxy Note 10.1 are also affected, along with devices from a few other manufacturers. Many Samsung devices sold in the US use chips equipped with LTE functionality, which Exynos does not work with, and are therefore unaffected.
On affected devices, all users have unrestricted read and write access to the
/dev/exynos-mem device. The device is listed as "Kernel direct-mapped RAM region. This maps the platform's RAM, and typically maps all platform RAM in a 1:1 relationship" and appears to be used to access the camera, but the incorrect permissions allow any user to access all of the device's memory.
While this is a boon to the rooting community, making it trivial to gain root access any of the affected devices, it is also a major security problem. The hole allows attackers to take complete control of an Exynos-4-based device by distributing a malicious application. The simplest patch for the hole is to change the permissions on the device from 0666 to 0600, blocking anyone but root from access to the device. Fixes have already appeared in versions of CyanogenMod, the alternative Android ROM, to address the vulnerability.
According to the analysis by the user who discovered the exploit, the /dev/exynos-mem device is used for camera functionality and graphic memory allocation on the affected devices. A rooting application that takes advantage of the exploit to root 11 different Samsung devices has also been released. However, readers should be aware of the inherent risk in installing an untrusted application, especially on phones vulnerable to this problem. Samsung has yet to issue a statement on the problem and therefore it is not known when the affected phones will receive a firmware update that resolves the problem.