November 26, 2014

Samsung Galaxy security flaw discovered that provides remote access to data

android-security-flaw

Security has always been an interesting topic on Android and that discussion just got another reason to exist with a development team discovering a security flaw affecting the Samsung Galaxy series that could enable remote access to data on your device.

The development team behind an open-source operating system based on Android called Replicant OS, discovered that this ‘backdoor’ affects not only the version of Android running on Samsung Galaxy devices, but also those custom firmwares based on stock Android images such as Cyanogenmod.

The ‘backdoor’ is said to be caused by “the proprietary software that is in charge of handling the communications with the modem, using the Samsung IPC protocol, implements a class of requests known as RFS commands, that allows the modem to perform remote I/O operations on the phone’s storage.”

What that means is that hackers have the potential to harness this method and remotely access data stored on the device without your consent.

Some of the handsets known to be affected include:

  • Galaxy Nexus (I9250)
  • Galaxy Nexus S (I902x)
  • Galaxy S (I9000)
  • Galaxy S II (I9100)
  • Galaxy S III (I9300)
  • Galaxy Note (N7000)
  • Galaxy Note II (N7100)
  • Galaxy Tab 2 7.0 (P31xx)
  • Galaxy Tab 2 10.1 (P51xx)

Expect Google and Samsung to fix this very quickly.