• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Serious Vulnerability Leaves Many Samsung Devices Open to Malware


    A user on the popular xda-developers forum by the name of alephzain recently reported a severe vulnerability in the Samsung Galaxy S III, Galaxy S II, Galaxy Note II, and potentially several other devices. The vulnerability could give remotely downloaded apps the ability to read user data, brick phones, or perform other malicious activities. As many people store sensitive and important data on their phones for both personal reasons as well as for work, security seems to play a very important role when it comes to making decisions of which device to buy. Seeing how such a big issue was brought up for the Android platform, it isn’t a surprise to see iOS devices becoming more popular at home and in the enterprise market.

    According to alephzain, “The good news is we can easily obtain root on these devices and the bad is there is no control over it.” Although many of the vulnerabilities that pop up require physical access to the phone, multiple developers are indicating that this newly-identified issue is far more severe as it could allow apps downloaded from the Google Play Store an easy way to exploit the devices affected. Based on another user from the popular forum by the name of supercurio, Samsung was notified of the security whole but the company has not publicly acknowledged the issue as of yet. As of right now, it isn’t clear what the risks for the users affected exactly are, but the vulnerability does seem to be gaining publicity. The user notes that “millions of vulnerable devices are out there now” as the vulnerability affects all devices with Exynos 4210 and 4412 processors that use Samsung code.

    Fortunately for Apple, iOS devices don’t seem to be affected with similar issues but one can only imagine what it must feel like to be in the shoes of those affected. Apple was previously noted as being the target for many potential hackers as malware began to surface on the iOS platform, but luckily, it was nothing as severe as what seems to be going on for the affected devices on the Android platform as of right now. If additional vulnerabilities continue to surface or if Samsung fails to respond in a timely fashion, the rate at which the iOS platform gains popularity might increase drastically going forward.

    Source: xda developers (forum) via The Verge
    This article was originally published in forum thread: Serious Vulnerability Leaves Many Samsung Devices Open to Malware started by Akshay Masand View original post
    Comments 35 Comments
    1. BhadKarma's Avatar
      BhadKarma -
      Quote Originally Posted by Airwaves182 View Post
      Why do government agencies prefer BB then? 😧
      They don't. Enough said.
      I live in Kitchener Waterloo... RIMS
      Home land... And admit BB FAILURE.
      get used to it lol
    1. feidhlim1986's Avatar
      feidhlim1986 -
      Shouldn't this be a Google problem and not a Samsung issue? Google make the Android OS afterall.

      And Akshay...iOS market share is shrinking. For many months now. Android and in particular Samsungs share is growing.
    1. szr's Avatar
      szr -
      Quote Originally Posted by feidhlim1986 View Post
      Shouldn't this be a Google problem and not a Samsung issue? Google make the Android OS afterall.
      Exactly, is an OS level issue, not something I would imagine a hardware vendor has much, if any, control over, so I am not sure why this article focus on just one hardware vendor.
    1. shigh's Avatar
      shigh -
      Correct me if im wrong but isnt the "processor" considered hardware?

      So far, Alephzain has confirmed that the Galaxy S II, III, Note II and the Meizu MX are at risk, but notes that the exploit might work on any device running a Exynos 4210 or 4412 processor

      Taken from engadget.
    1. DampDesigns's Avatar
      DampDesigns -
      Quote Originally Posted by Airwaves182 View Post
      Why do government agencies prefer BB then? 
      Agencies like this have their entire infrastructure built around things like this. Blackberry got nestled in real nice in these areas by being the first to offer something of that magnitude. Same with Microsoft and windows. It takes time to filter all of that out and make a switch. It's not like an individual going down to AT&T and picking out a new phone. BB will slowly see it's end over the next year or two.
    1. Norb's Avatar
      Norb -
      Quote Originally Posted by shigh View Post
      Correct me if im wrong but isnt the "processor" considered hardware?

      So far, Alephzain has confirmed that the Galaxy S II, III, Note II and the Meizu MX are at risk, but notes that the exploit might work on any device running a Exynos 4210 or 4412 processor

      Taken from engadget.
      Just because only specific hardware is affected does not make it a hardware security hole. If they can somehow patch it with software it's a software problem and just something that was overlooked.
    1. aidanharris's Avatar
      aidanharris -
      I bet Samsung considers this a feature rather than a bug...
    1. Anthony Bouchard's Avatar
      Anthony Bouchard -
      Quote Originally Posted by Norb View Post
      Just because only specific hardware is affected does not make it a hardware security hole. If they can somehow patch it with software it's a software problem and just something that was overlooked.
      It's a gray area until the security professionals get their hands on it to dissect it.

      It may not be patchable, then again, maybe it is. The limera1n exploit for the A4 and older devices cannot be patched via software, as it is a hardware exploit. It would be interesting to see if this security issue in these devices falls under the same non-patchable category.
    1. Colwood's Avatar
      Colwood -
      Two thoughts . One is that android Arguably has always had malware exploits or whenever you want to call them My second thought is related to the comment section BlackBerry 10 actually looks amazing I'm not sure if it's going to save rim or research in motion personally but it does look amazing maybe you should YouTube it
    1. Mrteacup's Avatar
      Mrteacup -
      Quote Originally Posted by feidhlim1986 View Post
      You're allowed bash others but not Apple. Crazy rules I know but that's MMi for ya. It's not a free and open forum
      Yeah that's true! No one ever bashes on apple here! For someone who acts like they know the rules they really don't know what happens here.

      Also blackberry is not nearly close to being what it used to. It's fallen to rock bottom. Trying to defend yourself by saying the government is testing it, is ridiculous! They are trying Nokias, samsungs, iPhones and way more. They are constantly testing.

      There is no "phone" the government uses. Office phones are iPhones a lot now but they are using indestructible androids in the military.

      Just because a phone is safe doesn't mean the government will use it. If they are worried about someone hacking directly to the phone and not it's clients (like gmail) than they will definitely be adding their own tech.
    1. Raptor2213's Avatar
      Raptor2213 -
      Quote Originally Posted by Airwaves182 View Post
      Blackberry 10 will be the most safe.
      Aye, just like a computer that isn't connected to any networks, the BB 10 will be the most safe because it will never work properly.
    1. bmwraw8482's Avatar
      bmwraw8482 -
      Quote Originally Posted by Airwaves182 View Post
      Why do government agencies prefer BB then? 😧
      They can't afford to switch yet... Fiscal cliff!!!
    1. GmAz's Avatar
      GmAz -
      Quote Originally Posted by mustard05 View Post
      I was actually gonna switch teams today. After years of only iPhones I was going to try the Note 2. This article was very helpful to me personally as i now reminder of why I choose iPhone. I'm staying with Apple......for now
      Samsung however will release a patch very quickly. Apple however would take forever to put out a patch so they could include ways to block a jailbreak and to downplay that its a vulerability. Plus, my phone is rooted and rom'd. Buy an S3, beautiful phone and no issue.
    1. LivesForJihad's Avatar
      LivesForJihad -
      What isn't mentioned is that The Droid community already had a fix for this hours after it was discovered. In short, it involves a chmod on a /dev/exynoz-mem.

      Anyone here who bashes Android for this is missing the larger picture. As a result of a totally open OS and platform, we managed to isolate a problem and strengthen our OS, as well as give our manufacturers a heads up on avoiding this in the future.

      Just remember...the close nature of iOS, and the lack of a jailbreak just means that problems will be harder to find and patch on iOS, and only Apple can really pake those patches.

      While this should never of happened in the first place, we have it patched. iOS is still looking for a jailbreak.
    1. Cer0's Avatar
      Cer0 -
      Quote Originally Posted by LivesForJihad View Post
      What isn't mentioned is that The Droid community already had a fix for this hours after it was discovered. In short, it involves a chmod on a /dev/exynoz-mem.

      Anyone here who bashes Android for this is missing the larger picture. As a result of a totally open OS and platform, we managed to isolate a problem and strengthen our OS, as well as give our manufacturers a heads up on avoiding this in the future.

      Just remember...the close nature of iOS, and the lack of a jailbreak just means that problems will be harder to find and patch on iOS, and only Apple can really pake those patches.

      While this should never of happened in the first place, we have it patched. iOS is still looking for a jailbreak.
      Correct on that it was pacthed by the community. But should also be noted that majority of people don't know that much about that to do it. Just like iOS when situations like this come up there would be a wide audience that will be unpatched till official patch comes out. And even then some people just brush off patches. I know some people that had no clue 6.0 existed lol.