Gigabyte GeForce GTX 650 Ti Boost OC WindForce 2X review
MSI Radeon HD 7790 TurboDuo OC review
Metro Last Light VGA Graphics Benchmark performance test
Noctua NH-U12S and NH-U14S review
ASUS GeForce GTX 670 DirectCU Mini review
OCZ Vertex 3.20 SSD review
Gigabyte Radeon HD 7790 2GB OC review
Cooler Master Eisberg 240L Prestige review
Guru3D and OCZ Contest - PC Power 1200W PSU Giveaway
MSI GeForce GTX 650 Ti BOOST OC review
Samsung smartphones and tablets vulnerable to kernel attack
Posted by Hilbert Hagedoorn on: 12/18/2012 09:18 AM | 8 comment(s) ]
ZD Net reports a wide range of Samsung smartphones and tablets with the company's Exynos 4412 and 4210 ARM-based processors are vulnerable to an attack that enables hackers to obtain root access on any of the affected devices.
XDA Developers member alephzain first brought up the vulnerability on the site's forum, claiming that access to the device's physical memory is read-and-write enabled by all users.
With the ability to read and write to memory at will, alephzain said that any application could dump the contents of the device's RAM and/or inject arbitrary code into the kernel. Such manipulations of memory could potentially allow an attacker to extract data and forward it elsewhere, or modify data to present the user with false data while the application does something else. The vulnerability itself also allows devices to be rooted.
The following devices are vulnerable to attack, but the risk seems minimal if you watch out which apps you install on your device.
- Samsung Galaxy S2 GT-I9100
- Samsung Galaxy S3 GT-I9300
- Samsung Galaxy S3 LTE GT-I9305
- Samsung Galaxy Note GT-N7000
- Samsung Galaxy Note 2 GT-N7100
- Verizon-based Samsung Galaxy Note 2 SCH-I605
- Samsung Galaxy Tab Plus GT-P6210
- Samsung Galaxy Note 10.1 GT-N8000
- Samsung Galaxy Note 10.1 GT-N8010
- Samsung Galaxy Note 10.1 GT-N8020.
Samsung smartphones and tablets vulnerable to kernel attack
Samsung 840 Pro SSD tested and reviewed - 12/12/2012 09:27 AM
In this article we test, benchmark and review the Samsung 840 Pro SSD. What a stunning piece of technology this is. An SSD that is extremely fast and actually amongst the handful of fastest storage un...
Bend it like Samsung - New Galaxy IV may have unbreakable screen - 12/07/2012 09:01 AM
Samsung Electronics, the world's leading technology company by revenue, is likely accelerating the launch of its next-generation flagship Galaxy smartphone - which may come with a breakthrough unbrea...
Samsung stress testing the Galaxy S3 - Video - 11/27/2012 09:23 AM
Doesn't your skip a beat when you accidently sit on your shiny Samsung Galaxy S3? Well the smartphone is actually designed and extensively tested to handle most of the things you throw at it. The bel...
Samsung Gives Aaway Far Cry 3 with 250 GB Samsung 840 SSD on Black Friday - 11/19/2012 03:25 PM
Samsung announced today that for a limited time over this Black Friday weekend, its new 250 gigabyte (GB) SSD 840 solid-state drives will be available at a special discounted price and will include a ...
Samsung first foldable touchscreen device ? - 10/27/2012 06:06 AM
Samsung has plans to introduce their first foldable touchscreen device begin next year. The Samsung GT-B9150 will use a 5.3” sAMOLED HD DUAL display. According to techjailbreak this new Android device by Samsung is the Samsung Galaxy Q.
anticupidon
Maha Guru
Posts: 1667
Joined: 2008-03-06
Maha Guru
Posts: 1667
Joined: 2008-03-06
#4481911 Posted on: 12/18/2012 02:18 PM
only Samsung is vulnerable ?
only Samsung is vulnerable ?
k1net1cs
Ancient Guru
Posts: 3320
Joined: 2010-11-14
Ancient Guru
Posts: 3320
Joined: 2010-11-14
#4481932 Posted on: 12/18/2012 02:47 PM
Yep.
The vulnerability itself is software patchable, because the point of vulnerability isn't actually the Exynos CPU itself, but rather the custom kernel Samsung used IIRC.
One of the prominent XDA devs, Chainfire, has already made a quick fix for it.
God knows when Samsung would officially patch it, though.
only Samsung is vulnerable ?
Yep.
The vulnerability itself is software patchable, because the point of vulnerability isn't actually the Exynos CPU itself, but rather the custom kernel Samsung used IIRC.
One of the prominent XDA devs, Chainfire, has already made a quick fix for it.
God knows when Samsung would officially patch it, though.
Speed Weed
Master Guru
Posts: 633
Joined: 2011-12-04
Master Guru
Posts: 633
Joined: 2011-12-04
#4481955 Posted on: 12/18/2012 03:23 PM
Does it help to run an SGS3 on WiFi only?
Does it help to run an SGS3 on WiFi only?
Ven0m
Maha Guru
Posts: 1035
Joined: 2005-08-12
Maha Guru
Posts: 1035
Joined: 2005-08-12
#4481957 Posted on: 12/18/2012 03:30 PM
It's not a remote exploit - you need an installed piece of software capable of reading and writing to the hidden memory partition. So most likely you're fine and you'll be fine.
Does it help to run an SGS3 on WiFi only?
It's not a remote exploit - you need an installed piece of software capable of reading and writing to the hidden memory partition. So most likely you're fine and you'll be fine.
Andrés
Ancient Guru
Posts: 4283
Joined: 2006-03-25
Ancient Guru
Posts: 4283
Joined: 2006-03-25
#4482009 Posted on: 12/18/2012 04:43 PM
This. If you install apps only from the Play Store, chances are you'll never have a problem. The viruses come for those who install apps from dubious sources.
It's not a remote exploit - you need an installed piece of software capable of reading and writing to the hidden memory partition. So most likely you're fine and you'll be fine.
This. If you install apps only from the Play Store, chances are you'll never have a problem. The viruses come for those who install apps from dubious sources.
Speed Weed
Master Guru
Posts: 633
Joined: 2011-12-04
Master Guru
Posts: 633
Joined: 2011-12-04
#4482052 Posted on: 12/18/2012 05:33 PM
Many thanks, Ven0m and Andres, for those reassuring words.
Many thanks, Ven0m and Andres, for those reassuring words.
PhazeDelta1
Ancient Guru
Posts: 9317
Joined: 2010-09-12
Ancient Guru
Posts: 9317
Joined: 2010-09-12
#4482058 Posted on: 12/18/2012 05:40 PM
The exploit has been fixed. If you already rooted, read below.
Article:
http://www.xda-developers.com/android/dangerous-exynos-4-security-hole-demoed-and-plugged-by-chainfire/
Thread with patch:
http://forum.xda-developers.com/showthread.php?t=2050297
The exploit has been fixed. If you already rooted, read below.
Article:
http://www.xda-developers.com/android/dangerous-exynos-4-security-hole-demoed-and-plugged-by-chainfire/
Thread with patch:
http://forum.xda-developers.com/showthread.php?t=2050297
Click here to post a comment for this news story on the message forum.
Master Guru
Posts: 672
Joined: 2009-09-15
*Opens the window and throws his GNote out.
Update: 5 min later police arrests him with charge of murder attempt by throwing brick-like object to a passing pedestrian's head.