Mobile Friday: Backdoor Exposed in Samsung Smartphones

Mar 14, 2014 By Sharon Solomon

Smartphones are getting smarter and the risks involved in using them are also getting bigger. More and more security issues are popping up in today’s mobile phones. The latest high-profile vulnerability has been exposed in a wide range of mainstream Samsung devices, sold in millions all around the world.

Replicant has published proof-of-concept software that can access files on numerous Samsung devices thanks to a backdoor in their proprietary software. The researchers have also shown how the vulnerability can be patched.

The Samsung smartphones with the glaring backdoor vulnerability include many top-selling models such as the Galaxy S3 (I9300), Galaxy Note 2 (N7100), Galaxy Nexus (I9250) and also the 10.1″ Galaxy Tab 2 (P51xx).

The Samsung devices ship with proprietary software that enables remote communication with the memory storage via the phone’s modem. The backdoor enables remote modem access and eventually compromises the user’s phone storage, where all private information is stored. Exploiting this backdoor is also possible when the modem is isolated.

The Replicant researchers have also demonstrated how this backdoor can be eliminated. They have released a patched OS version that doesn’t allow the modem to perform remote I/O on the memory storage. But it’s important to mention that this fix doesn’t make the phones hack-proof, as the modems still control the processor chipsets of the smartphones.

This is also a worrying development for CISOs and information security experts, who have to deal with the BYOD trend at workplaces. All workers must be urged to use only official vendor software, as pirated operating systems are even more vulnerable and risky. It’s also a good idea to replace the aforementioned Samsung models with safer ones.

Samsung has refused to comment on the recent findings and no official security patches have been released so far. Private and business owners of the vulnerable devices are advised to exercise caution.

Source 1 | Source 2
