Malware in Galaxy S3, Galaxy Note 2, and other Android handsets

Malware in Galaxy S3, Galaxy Note 2, and other Android handsets

Android malware has been somewhat more actively discussed these days, including various reports from security firms. These all suggest that quite some Android devices have been affected by malicious apps, and that the number of such cases will even increase next year.

We have yet a new exploit discovery to show you, via xda-developers, that could be harmful for various 2012 flagship Samsung devices, including the Galaxy S3 and Galaxy Note 2, and for other devices that pack Exynos chips, too.

The xda user alephazin has discovered a vulnerability in Exynos processors version 4210 and 4412 (which essentially allows any Android app to access and control the whole device), and wrote:

 “Recently discover a way to obtain root on S3 without ODIN flashing. The security hole is in kernel, exactly with the device /dev/exynos-mem.  This device is R/W by all users and give access to all physical memory[…]”

Still, there seems to be a solution, but the poster explains: “

“The good news is we can easily obtain root on these devices and the bad is there is no control over it. Ram dump, kernel code injection and others could be possible via app installation from Play Store. It certainly exists many ways to do that but Samsung give an easy way to exploit. This security hole is dangerous and expose phone to malicious apps. Exploitation with native C and JNI could be easily feasible.”

The user Chainfire has obviously come up with a one-click root method solution, based on this exploit – called Exynos Abuse. And he has also notified Samsung about the whole issue. Now, we shall be waiting for Samsung to come up with some explanation for this potentially harmful exploit.

Meanwhile we’re offering a list some of the devices that could be affected, at least in theory, by malicious apps that would target this exploit:

  • Samsung Galaxy S2 GT-I9100
  • Samsung Galaxy S3 GT-I9300
  • Samsung Galaxy S3 LTE GT-I9305
  • Samsung Galaxy Note GT-N7000
  • Samsung Galaxy Note 2 GT-N7100
  • Verizon Galaxy Note 2 SCH-I605 (with locked bootloaders)
  • Samsung Galaxy Note 10.1 GT-N8000
  • Samsung Galaxy Note 10.1 GT-N8010.

You may also like...

2 Responses

  1. georgi says:

    The exploit can be found HERE:http://forum.xda-developers.com/showthread.php?p=35469999#post35469999

    [ROOT][SECURITY] Root exploit on Exynos

    Recently discover a way to obtain root on S3 without ODIN flashing.
    The security hole is in kernel, exactly with the device /dev/exynos-mem.
    This device is R/W by all users and give access to all physical memory … what’s wrong with Samsung ?
    Its like /dev/mem but for all.
    Three libraries seems to use /dev/exynos-mem:

    /system/lib/hw/camera.smdk4x12.so
    /system/lib/hw/gralloc.smdk4x12.so
    /system/lib/libhdmi.so

    Many devices are concerned :

    Samsung Galaxy S2
    Samsung Galxy Note 2
    MEIZU MX
    potentialy all devices who embed exynos processor (4210 and 4412) which use Samsung kernel sources.

    The good news is we can easily obtain root on these devices and the bad is there is no control over it.

Leave a Reply

Your email address will not be published. Required fields are marked *