Samsung promises patch for critical smartphone vulnerability

Readers who prefer to be rather safe than sorry, can use Chainfire's patch to fix the vulnerability

Samsung has apparently made its first statement on Android Central regarding a critical security vulnerability that is a serious problem for smartphones with the Exynos 4 system-on-chip (SoC). According to the article, the company plans to provide a patch for affected devices as soon as possible – but has not given any details on when that might actually be.

Some of the devices with the problem are the Galaxy S II and S III, Note, Note II, Note 10.1 and Galaxy Tab 7.7. The vulnerability allows specially prepared applications to directly access a smartphone's entire memory, even in the kernel, thereby giving themselves root privileges and the ability to do whatever they want on the device – a security worst-case-scenario. An app could, for example, install a spyware program that monitors calls, messages and passwords or permanently deletes all of a user's data.

Samsung confirms that there is potential for misuse but believes that most users are not in danger if they only install "credible and authenticated applications", by which the company most likely means apps from Google Play, the official source for Android programs. Indeed, the bulk of Android malware is distributed via alternative download portals, forums and file-sharing networks. Google subjects all submitted applications to a number of tests before including them in the official catalogue.

Arjan van de Ven, a kernel developer at Intel, describes on Google+ how the vulnerability came about: Samsung, he writes, copied the /dev/mem device driver but removed defensive measures that prevent it from accessing kernel memory. The Samsung developers called the driver copy /dev/exynos-mem and changed privileges so that anyone can access it with read and write privileges.

According to van de Ven, the reason for this change is because Samsung's camera driver runs in user space, so if access privileges were restricted, that driver wouldn't be able to access the mem device. The kernel developer's opinion on this situation is clear: "This was a DELIBERATE design decision. Lawyers should have a lot of fun with this. [...] That's seriously inexcusable."

In the XDA Developers forum, a number of patches promising to fix the vulnerability are already making the rounds. Not all of them actually fulfill that promise, though, as forum member Chainfire explains and demonstrates, pointing out that two of the patches integrate themselves into the boot process. This does not work all the time, however, as the startup mechanism does not always start processes in the same order.

What can then occur is a race condition in which a malware app could also set itself to run during startup and could therefore be run before the patch at boot. He believes that his patch is the safest one, although it could cause the camera to stop working. When he tested it on a Samsung Galaxy S III, the patch successfully blocked access to the device and the camera still worked.

Since there is not yet any word of malicious apps that take advantage of this critical vulnerability, currently the best idea is to wait a bit longer for the official patch before installing a makeshift solution. Either way, if readers stick to the apps from trusted sources like Google Play, the risk should at least be somewhat mitigated.

(fab)