Backdoor Found in Samsung Galaxy

Status
Not open for further replies.

Jack

A developer working on Replicant, an open-source free mobile operating system designed to replace all proprietary Android components with open-source alternatives, has discovered a backdoor in Samsung Galaxy that provides almost full access to user files, camera, microphone and location.
Mobile phones have two processors, one applications processor that handles the operating system, and one that handles the outside communications.

Paul Kocialkowski, a Replicant developer, describes the comms processor as the 'modem.' "This processor always runs a proprietary operating system, and these systems are known to have backdoors that make it possible to remotely convert the modem into a remote spying device," he wrote on a Free Software Foundation blog Wednesday. Since the modem processor is normally continuously connected to the operator's network, it is nearly always accessible, and can necessarily connect to the parts of the device used for communications: such as camera, microphone, and GPS location services.

However, the problem for Android users is the device supplier has full access to the Android operating system and can modify or add to it at will. "While working on Replicant," writes Kocialkowski, "we discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system. This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write, and delete files on the phone's storage."

That is, Samsung Galaxy phones open a direct connection between the two processors, giving remote access capabilities to the applications processors' files and user data. It is, says Kocialkowski, "yet another example of what unacceptable behavior proprietary software permits! Our free replacement for that non-free program does not implement this backdoor."

Not everyone is unduly alarmed. Cnet reports, "Although Replicant said that the software could potentially access user data, it appears that it's doing nothing wrong. In fact, the company wrote that there are some features in the software that are 'legitimate.'" This appears to refer to a comment in Replicant's technical discussion on the issue.

The full statement, however, reads, "The incriminated RFS messages of the Samsung IPC protocol were not found to have any particular legitimacy nor relevant use-case. However, it is possible that these were added for legitimate purposes, without the intent of doing harm by providing a back-door. Nevertheless, the result is the same and it allows the modem to access the phone's storage. However, some RFS messages of the Samsung IPC protocol are legitimate (IPC_RFS_NV_READ_ITEM and IPC_RFS_NV_WRITE_ITEM) as they target a very precise file, known as the modem's NV data."

Read more: http://www.infosecurity-magazine.com/view/37451/backdoor-found-in-samsung-galaxy/
 

Nico@FMA

Uhhm, I would call this an advertisement stunt. We already knew that Android did have several backdoors, and we also know that Samsung Galaxy has several hardware-based backdoors. (Smartphones have been rigged with software and hardware-based backdoors since they got in the market. Even your old Ericsson Marcopolo phone did already have a tune in device.)
Nothing new here.
 