Samsung is having a rough Thursday. After LeBron's misfortune, developer Paul Kocialkowski of Replicant, a 3rd-party Android ROM, announced the discovery of a possibly dangerous security flaw in some Samsung Galaxy devices. Allegedly, the Nexus S, Galaxy S, Galaxy S 2, Galaxy Note, Galaxy Nexus, Galaxy Tab 2, Galaxy SIII, and Galaxy Note 2 have a line in their proprietary (non-Google) Android code that grants their baseband modems permissions to read, write, and delete files on the phone's storage. The user is not alerted to this and has no option to intervene.
While this alone sounds like a possible playground for hackers, Kocialkowski explained that if attackers are able to gain remote control of the baseband's microprocessor, which runs its own operating system and set of commands, they can take advantage of the flaw to blow the phone's file system wide open.
Kocialkowski recommends that concerned users install the Replicant ROM, or another free-software OS, which doesn't include proprietary code for device components. "Our free replacement does not implement this back-door," he said, and reassured users that "if the modem asks to read or write files, Replicant does not cooperate with it." While this whole announcement could seem like a marketing hoax to the more skeptical of you, let's keep in mind that Replicant is free software and the guys behind it don't have that much to gain from such tomfoolery.
Samsung hasn't commented on the discovery, but knowing the company's security efforts, it will most likely investigate the report.