Kernel vulnerability places Samsung devices at risk

A vulnerability found in the kernel of many Samsung devices has opened devices such as the Galaxy S2, S3, Note 2, and Note 10.1 up to abuse by hackers.
Written by Michael Lee, Contributor

A vulnerability that allows any app to access the RAM on Samsung devices has been found by developers who were digging into the kernel for Samsung's Exynos systems.

Exynos is the ARM-based system on chip that's typically found in Samsung's mobile devices and tablets.

XDA Developers member alephzain first brought up the vulnerability on the site's forum, claiming that the device's physical memory is readable and writable by all users.

With the ability to read and write to memory at will, alephzain said that any application could dump the contents of the device's RAM and/or inject arbitrary code into the kernel. Such manipulations of memory could potentially allow an attacker to extract data and forward it elsewhere, or modify data to present the user with false data while the application does something else. The vulnerability itself also allows devices to be rooted.
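The condition described above, physical memory exposed through an interface that every user can read and write, is something a defender can audit for. The following is an added example, not code from the article or from the forum posts it cites: it flags device nodes whose permission bits grant access to "other", skipping nodes that are world-accessible by design. The node name used in the test (`/dev/example-physmem`) and the allowlist are assumptions chosen for illustration.

```python
import os
import stat

# Nodes that are world read/write by design on Linux systems (assumed allowlist).
EXPECTED_WORLD_RW = {"/dev/null", "/dev/zero", "/dev/full", "/dev/random",
                     "/dev/urandom", "/dev/tty", "/dev/ptmx"}


def classify(path, mode):
    """Return a finding for a device node open to 'other', else None."""
    # Only character and block devices are of interest here.
    if not (stat.S_ISCHR(mode) or stat.S_ISBLK(mode)):
        return None
    if path in EXPECTED_WORLD_RW:
        return None
    readable = bool(mode & stat.S_IROTH)
    writable = bool(mode & stat.S_IWOTH)
    if readable and writable:
        return "world read+write"
    if writable:
        return "world write"
    if readable:
        return "world read"
    return None


def scan(root="/dev"):
    """Walk root and return (path, mode string, finding) for each flagged node."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            except OSError:
                continue  # node vanished or is not accessible
            finding = classify(path, mode)
            if finding:
                findings.append((path, stat.filemode(mode), finding))
    return findings


if __name__ == "__main__":
    for path, perms, finding in scan():
        print(f"{perms} {path}: {finding}")
```

Any node reported as `world read+write` that exposes memory or hardware registers warrants tighter ownership and mode bits in the device's init configuration.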

Alephzain has named a couple of the devices that are vulnerable, and others have been able to independently verify that the issue exists. In particular, another developer on the forum, Chainfire, has released an application that uses the vulnerability to gain root privileges, and has listed which devices are currently known to work.

These devices use the Exynos 4210 or 4412 system on chip and include:

  • Samsung Galaxy S2 GT-I9100

  • Samsung Galaxy S3 GT-I9300

  • Samsung Galaxy S3 LTE GT-I9305

  • Samsung Galaxy Note GT-N7000

  • Samsung Galaxy Note 2 GT-N7100

  • Verizon-based Samsung Galaxy Note 2 SCH-I605

  • Samsung Galaxy Tab Plus GT-P6210

  • Samsung Galaxy Note 10.1 GT-N8000

  • Samsung Galaxy Note 10.1 GT-N8010

  • Samsung Galaxy Note 10.1 GT-N8020.

Although the Google Nexus 10 uses the Exynos platform, it has been confirmed as not being affected, as it uses the Exynos 5250.

Not everyone has agreed with how the vulnerability was made public, nor with the public availability of code that allows it to be exploited. Because manufacturers received late notice, forum member supercurio has taken it upon himself to release a quick fix for the vulnerability while the manufacturers determine how best to tackle the issue.
