Samsung’s most popular mobiles could be vulnerable to app-based attacks, a developer says, thanks to a security wobble in Samsung’s own-brand Exynos 4 processor.
XDA Developers member alephzain says they discovered the potentially damaging problem when investigating new ways to root the Samsung Galaxy S3. The vulnerability lies within Samsung’s Exynos 4 chip, and means any app could — in theory — extract data from a phone’s RAM or shoot a jet of molten malicious code directly into the kernel.
“RAM dump, kernel code injection and others could be possible via app installation from Play Store,” alephzain writes. The Galaxy S2 and Galaxy Note 2 could also play host to the same security hole.
“The good news is we can easily obtain root on these devices,” the original post reads, “and the bad is there is no control over it.”
It seems users have been able to plug the hole with some industrious tinkering, though adjusting the smart phone’s code appears to be disabling the S3’s camera. I’ve contacted Samsung about the reported vulnerability and I’ll update this story if I hear back.
Update: Samsung has been in touch to say, “We are currently in the process of conducting an internal review.”
Issues in code are to be expected, but it’s up to manufacturers to make sure their gadgets don’t leave customers exposed. If something in Samsung’s code really opens the possibility that smart phone owners could have their mobiles meddled with, here’s hoping it gets patched quickly.
Are you using one of Samsung’s smart phones? What do you think of it? Tell me in the comments or on our Facebook wall.