Samsung aims to fix severe Android device vulnerability

Samsung aims to fix severe Android device vulnerability

Summary: The world's top mobile phone maker says it is working on a fix for a security flaw that affects some of its flagship smartphones and tablets.

SHARE:

Samsung is working on a fix for a serious security flaw that affects popular devices such as the Galaxy S3 and Note 2.

The vulnerability, revealed earlier this week, can give malicious apps root access, potentially allowing data theft or manipulation. It seems to affect two particular models of the Exynos system-on-a-chip, namely the 4210 and 4412.

Samsung told ZDNet in a statement on Thursday that it was "aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible".

"The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications," the company said. "Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices."

That list includes these devices:

• Samsung Galaxy S2 GT-I9100
• Samsung Galaxy S3 GT-I9300
• Samsung Galaxy S3 LTE GT-I9305
• Samsung Galaxy Note GT-N7000
• Samsung Galaxy Note 2 GT-N7100
• Verizon-based Samsung Galaxy Note 2 SCH-I605
• Samsung Galaxy Tab Plus GT-P6210
• Samsung Galaxy Note 10.1 GT-N8000
• Samsung Galaxy Note 10.1 GT-N8010
• Samsung Galaxy Note 10.1 GT-N8020

The disclosure of the flaw on a forum has been controversial, particularly as someone also used the forum to offer up an app that could exploit the flaw.

The affected devices are Samsung's flagships and, given that the company is now the world's top mobile phone manufacturer, the vulnerability could cause widespread problems if exploited.

Topics: Security, Android, Mobility, Samsung

David Meyer

About David Meyer

David Meyer is a freelance technology journalist. He fell into journalism when he realised his musical career wouldn't pay the bills. David's main focus is on communications, as well as internet technologies, regulation and mobile devices.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

44 comments
Log in or register to join the discussion
  • Junk

    I hate Android, pure garbage.
    mikroland2.0
    • Junk

      Iphone is probably over your head, too.
      rfarrah@...
    • off topic?

      I have several Android devices, none affected
      frylock
      • How do you know?

        How do you know if they aren't affected? Do they have the Exynos chips mentioned?
        RichDavis1
    • APPLE

      YOUR THE GARBAGE!! ANDROID ROCKS SO MANY APPS IT IS A LEARNING CURVE YOU LEARN FROM YOUR MISTAKES.
      zacklpen74
  • For Sale

    Used Samsung GSIII, too big for pocket, can't run all day without recharging, has serious security flaw. $25 OBO.
    Gr8Music
    • Send it my way...

      I have no problem avoiding malicious programs.
      Salty Dog
    • Must be the way you're holding it

      Mine runs all day, fits in any of my pockets and hasn't once been affected by a serious security flaw.

      Oh I see, you don't own one so you make stuff up to make it sound like you do. Unless you're a child of 5 which would explain why all your pockets are so small.
      Little Old Man
    • Sold

      I will take it for $30 ,I will paypal it to you immediately.
      xhawkx
  • Linux has a security vulnerability in it?

    Say it ain't so. We were PROMISED that all we had to do was switch to Linux and every security issue would simply vanish.

    Huh.
    toddbottom3
    • Give it a rest

      Got nuthin to do with Linux vulnerability, as you well know.
      Disappointed to see you sink this low.
      radleym
      • Android isn't Linux?

        Huh. That isn't what we are told when it comes to marketshare.
        toddbottom3
        • It's a defect in the design of the *processor*, not the OS

          It says this right in the article.
          TheWerewolf
          • Not getting it

            Whenever there was ANY security issue related to a certain other OS, we were told: switch to Linux. It didn't matter if the issue was in a browser, a trojan requiring a user to download, execute, elevate privileges, etc. It didn't matter if the issue was in the kernel or in a driver (and this is a driver issue BTW). We were told that these security vulnerabilities were because that other OS was flawed by design. We were told that a properly designed OS would keep the user safe. We were told that switching to Linux, a properly designed OS, would ensure that the OS protected us from vulnerabilities in apps, drivers, kernels, etc. AppArmor would do it all for us. Someone even staked their reputation on it.

            Now it turns out it is more nuanced? Now it turns out that no, an OS can't protect the user from trojans (but we only find this out after Linux is assaulted with trojans). Now it turns out that no, an OS can't protect the user from device driver vulnerabilities (but we only find this out after Linux can't mitigate device driver vulnerabilities).

            When it comes to marketshare, Android is advertised as Linux with no caveats, no asterisks. When it comes to vulnerabilities though, Android is Linux*.

            The point is that an OS CAN'T keep you safe from vulnerabilities and trojans. This whole "switch to Linux, a properly designed OS will keep you safe" meme was a lie. Either Linux isn't a properly designed OS (since it has been proven that it can't keep you safe) or the original statement was a lie. Take your pick.

            *not really
            toddbottom3
          • Haven't those unemployment check run out yet?

            You have way to much time on your hands.
            GoPower
          • Android is popular, and there lies the problem

            The main reason Windows has so many viruses, trojans, etc is because it's the most used operating system on the planet. If you want to write a piece of software that will cause the most damage possible, you write it for the OS that has the most users. Windows has done its best to prevent this and add more protection, but the fact remains, hackers will target a Windows computer before Mac or Linux.

            On a desktop, Linux is more secure, because they not only have the lower share of users, but there are so many different versions with different file extensions it would be almost pointless to write a virus for them, and you would have to target a specific distro. However, there are Linux viruses, just not many.

            Now we look at Android, which is Linux. I'm sure when Android first came out, it was just as secure as the iPhone, but now that it has become so popular, and we do so much on our phones now days, hackers by the 1000's are drooling over a way to get our private information off the phone. By default an Android phone and iPhone do not allow root access; that's something we do by jailbreaking and rooting our phones. Still, the people who give us that ability are, in all honesty, hackers that could probably easily be creating a virus instead.

            It all comes down to what is more popular. Mac computers used to be completely free of evil little programs, but look at them now. They have had their share of problems in the past few years. Why? Because they have become more popular. It doesn't matter what OS you are running or how secure you think or claim it is, once it becomes popular enough, there will be people out there working day an night to hack it, and it will happen.
            YngJoe_z
          • Re: Android is popular

            Come on. This is not malware. It is improperly designed hardware/software. It's entirely Samsung's design.

            As everyone knows (by now), about anything Samsung makes has backdoors. If you have an Samsung printer, make sure you either disconnect it from the network or replace it with some other make. It is very possible Windows drivers for Samsung hardware might also contain backdoors and because Windows doesn't offer much protection from malicious "drivers", this might be yet another attack vector.

            Even if this processor/software combination wasn't popular, it would still contain the "design bug". Popularity only helps in discovering the flaws faster.
            danbi
          • Not quite...

            "The point is that an OS CAN'T keep you safe from vulnerabilities and trojans."
            The WHOLE point is that an OS CAN'T keep you safe from vulnerabilities written for BIOS or other part of the computing system. Theoretically an OS CAN keep you safe from OS vulenerabilities. The OS MAY be able to keep you safe from APPLICATION vulnerabilites, but often at a significant cost in flexibility, speed of updates, etc...
            Although I am not a Linux guru, I think most of the folks saying "Linux is safe" were talking about the OS (Kernel, whatever). I have used Windows for a number of years (almost 20) and have also been safe with it. Over half the battle is not going to "bad sites" or click on things you aren't supposed to click on, regardless of the OS.
            jkohut
          • So you pretty much said IOS...

            Has the same flaws if it's not the flaw/fault of the processor chip. Humm! The Fact is anything created with code/by man has and can be flawed.
            Free Webapps
          • It's Samsung

            Not everyone can write good software, and not everyone can design good hardware. System integration is also not for everyone.

            This is a flaw in an Samsung designed processor, in an Samsung designed piece of software.
            danbi