Major exploit found in Samsung models using Exynos 4210 and Exynos 4412 processors
Another XDA member named Chainfire has devised a one click root-method using the exploit. Samsung has been notified about the situation and we wouldn't be surprised to find the Korean based manufacturer sending out a patch soon to close this opening.
In the meantime, here is a list of devices that could be affected. Samsung Galaxy S II (GT-I9100), Samsung Galaxy S III (GT-I9300), Samsung Galaxy S III LTE (GT-I9305), Samsung GALAXY Note (GT-N7000), Samsung GALAXY Note II (GT-N7100), Samsung GALAXY Note II Verizon-Locked Bootloader (SCH-I605), Samsung GALAXY Note 10.1 (GT-N8000), Samsung Galaxy Note 10.1 (GT-N8010).
A developer named Supercurio has come up with an instant fix, which needless to say, you use at your own risk. You can find the site, called Project Voodoo, by clicking on this link.
Recently discover a way to obtain root on S3 without ODIN flashing.
The security hole is in kernel, exactly with the device /dev/exynos-mem.
This device is R/W by all users and give access to all physical memory … what’s wrong with Samsung ? […]
The good news is we can easily obtain root on these devices and the bad is there is no control over it.
Ram dump, kernel code injection and others could be possible via app installation from Play Store. It certainly exists many ways to do that but Samsung give an easy way to exploit. This security hole is dangerous and expose phone to malicious apps. Exploitation with native C and JNI could be easily feasible."-alephazin, XDA
source: XDA, TheNextWeb, via AndroidAuthority
1. wendygarett (unregistered)
That's why you shouldn't be so wild to root your device my fellow fandroids :)
3. true1984 (Posts: 582; Member since: 23 May 2012)
actually this was built into the system.it has nothing to do with rooting. samsung released the phone with a security flaw
4. Droid_X_Doug (Posts: 5530; Member since: 22 Dec 2010)
Actually, a variation on rooting seems to be a way to plug the hole (until Sammy releases a patch)....
The vulnerability seems to exist regardless of whether the phone has been rooted. All you have to do is install a malicious app that contains code that does the exploit, and your phone belongs to the exploiter. Until a patch is released, I may be putting my phone on airplane mode while it charges overnight.
6. Dr.Phil (Posts: 863; Member since: 14 Feb 2011)
I wouldn't worry that much about it, but I would say you should go under your settings and change it so that your applications do not automatically update.
9. Droid_X_Doug (Posts: 5530; Member since: 22 Dec 2010)
I have been requiring manual updates to apps since I moved to Android back in 2010. Although there is some slight risk that malware was developed before the current publicity. Since my installed apps are from mainstream developers with at least 20,000 installs, I probably have limited (if non-existent) exposure.
5. Dr.Phil (Posts: 863; Member since: 14 Feb 2011)
Yes, and I believe that for the most part you would be safe just as long as you don't download or use any applications you suspect to exploit this security flaw. So, for instance, I don't think downloading and playing "Angry Birds" on your phone would open yourself up to this type of hacking. However, if you are the type to download applications from unknown or untrusted publishers then yeah you could have the potential of this happening.
8. sarb009 (Posts: 284; Member since: 15 Jun 2011)
Hey wendy i guess u are spoiled kid of a rich father who has nothing to do except posting stupid comments on phonearena all the day or u are a homeless person sitting near a free wifi spot who also has nothing to do. In both cases u should find a job
25. AamirSIII (banned) (Posts: 187; Member since: 04 Oct 2012)
dislikes to ur comment show how sound u and ur comment are...
28. networkdood (Posts: 6250; Member since: 31 Mar 2010)
wendy, you really need to know what you are talking about.
2. darkskoliro (Posts: 935; Member since: 07 May 2012)
Maybe they shouldnt have posted the news, now all the hackers know. Should have just sent it in and got it patched asap
7. Droid_X_Doug (Posts: 5530; Member since: 22 Dec 2010)
Somehow, I suspect desire for attention on finding the exploit won out over prudence (notify Sammy and publicize the finding after a patch was released).
10. joey_sfb (Posts: 2560; Member since: 29 Mar 2012)
Its always good to alert users so they can be more mindful their actions. User need to install the dangerous app which sound like any malware to me. And to code one just for samsung phone is a lack of forth sight to me.
14. Droid_X_Doug (Posts: 5530; Member since: 22 Dec 2010)
"And to code one just for samsung phone is a lack of forth sight to me."
How so? Between the 2 model CPUs involved, there has to be at least a couple of million vulnerable devices. Sounds like a target-rich environment to me.
12. Joshing4fun (Posts: 1044; Member since: 13 Aug 2010)
Couldn't this be good in some way? Like used for good, not evil?
13. MeoCao (unregistered)
This is why Android is strong, it has the backing of an enthusiastic community.
Good job XDA
Hopefull SS will have the patch soon.
15. wendygarett (unregistered)
The stronger the android, the more evil the malwares are, you cannot ran away from malware tho, especially in ANDROID!!
16. MeoCao (unregistered)
LOL, we prefer this to weak iOS and weak malware.
18. rusticguy (Posts: 2819; Member since: 11 Aug 2012)
How big was the "security update" in 2010 as far as Apple was concerned? Security by obscurity is M$ ways of claiming that system is more secure than others
There's a bitdefender article on Apple security in 2010 :)
19. groupsacc (Posts: 232; Member since: 28 Feb 2012)
It'd be a good idea to stop installing any apps or even updating existing apps till this is fixed.
Seems like an easy fix, just by removing the offending R/W permission. Samsung should release an apk to run this permission removal as a script asap.
21. XaErO (Posts: 134; Member since: 25 Sep 2012)
Well, there is one BAD news and one GOOD.
1. BAD NEWS - Any app can take over the Root level access.
Samsung shall take care of this in upcoming days. So just be cautious while installing any new app even from Google Play store and look-out for the official patch from Samsung.
2. GOOD NEWS - You can root your device using this exploit.
Root your mobile device using the app developed by "Chainfire" (based on this vulnerability) with just one click. It is named as "ExynosAbuse v1.10". It is completely hassle free. This can be useful for those who can take some Risk but do not want to get into tedious "rooting" process.
22. someones4 (Posts: 618; Member since: 16 Sep 2012)
Apparently, this thing is for real...Was browsing the internet and an application installed itself and just bricked up my phone. lost all my data.
Anyone knows how to retrieve deleted data? i seldom perform backups
23. wendygarett (unregistered)
If you have dropbox, your photo and pictures will be safe, because dropbox will auto upload all your photo once your data is opened...
That's all I can help, the rest you need to ask someone elae, sorry my friends
30. bluescreen (Posts: 154; Member since: 22 Nov 2012)
sounds more like u were surfing porn sites and got hit by a virus lmao....sucks, trying to choke the chicken and they choked ur phone instead!!!
24. redmd (Posts: 860; Member since: 26 Oct 2011)
so how does this affect our everyday use of the phone?
26. mariosraptor (Posts: 108; Member since: 15 Mar 2012)
i believe Apple is behind every malware for Android. they leak them to attract people to ios
29. networkdood (Posts: 6250; Member since: 31 Mar 2010)
wouldn't that be something - however...this is all just fiction.