Developers find major security flaw in Samsung Android devices


Developers have identified a security flaw affecting a number of Samsung Electronics devices running Google's (NASDAQ:GOOG) Android, leaving them exposed to malicious apps that could allow hackers to gain root-level permissions.

The exploit, first identified by user alephzain at the XDA Developers forum, gives hackers access to all physical memory. Alephzain first tested the vulnerability on a Samsung Galaxy S III to root his device, but research indicates the flaw is also present across the Galaxy S II, Galaxy Note II and Meizu MX, and potentially other devices that feature an Exynos processor (4210 and 4412) and leverage Samsung kernel sources.

"The good news is we can easily obtain root on these devices and the bad is there is no control over it," alephzain states. "RAM dump, kernel code injection and others could be possible via app installation from Play Store. It certainly exists many ways to do that but Samsung give[s] an easy way to exploit. This security hole is dangerous and expose phone[s] to malicious apps."

An XDA Developers senior moderator dubbed Chainfire has already created an APK file that uses alephzain's exploit to gain root privileges and install the latest release of his SuperSU access management tool. Other developers have notified Samsung of the flaw, although the manufacturer has not yet responded.

The Next Web reports there are no known Android malware apps that exploit the vulnerability in question, adding that devices that do not incorporate the Exynos processor are not at risk.

An estimated 18 million Android users will encounter mobile malware between the beginning of 2012 and the conclusion of 2013, according to a new forecast published by Lookout Mobile Security. The firm adds that the likelihood users will encounter malware or spyware threats depends heavily on their geography and behavior, varying from 0.20 percent in Japan to 0.40 percent in the U.S. to as high as 34.7 percent in Russia.

For more:
- read this XDA Developers thread
- read this Next Web article