Major exploit found in Samsung models using Exynos 4210 and Exynos 4412 processors

Major exploit found in Samsung models using Exynos 4210 and Exynos 4412 processors
Bad news for those owning some of Samsung's flagship devices like the Samsung Galaxy S III and the Samsung GALAXY Note II. According to XDA member alephazin, Samsung devices with the Exynos 4210 or 4412 processor are vulnerable to being controlled through any Android app. The opening, he says, is dangerous and could expose the phone to apps designed to create havoc. In theory, memory could be wiped or phones could be bricked.

Another XDA member named Chainfire has devised a one click root-method using the exploit. Samsung has been notified about the situation and we wouldn't be surprised to find the Korean based manufacturer sending out a patch soon to close this opening.

In the meantime, here is a list of devices that could be affected. Samsung Galaxy S II (GT-I9100), Samsung Galaxy S III (GT-I9300), Samsung Galaxy S III LTE (GT-I9305), Samsung GALAXY Note (GT-N7000), Samsung GALAXY Note II (GT-N7100), Samsung GALAXY Note II Verizon-Locked Bootloader (SCH-I605), Samsung GALAXY Note 10.1 (GT-N8000), Samsung Galaxy Note 10.1 (GT-N8010).

A developer named Supercurio has come up with an instant fix, which needless to say, you use at your own risk. You can find the site, called Project Voodoo, by clicking on this link.


source: XDA, TheNextWeb, via AndroidAuthority

FEATURED VIDEO

30 Comments

1. wendygarett unregistered

That's why you shouldn't be so wild to root your device my fellow fandroids :)

3. true1984

Posts: 864; Member since: May 23, 2012

actually this was built into the system.it has nothing to do with rooting. samsung released the phone with a security flaw

4. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

Actually, a variation on rooting seems to be a way to plug the hole (until Sammy releases a patch).... The vulnerability seems to exist regardless of whether the phone has been rooted. All you have to do is install a malicious app that contains code that does the exploit, and your phone belongs to the exploiter. Until a patch is released, I may be putting my phone on airplane mode while it charges overnight.

6. Dr.Phil

Posts: 2340; Member since: Feb 14, 2011

I wouldn't worry that much about it, but I would say you should go under your settings and change it so that your applications do not automatically update.

9. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

I have been requiring manual updates to apps since I moved to Android back in 2010. Although there is some slight risk that malware was developed before the current publicity. Since my installed apps are from mainstream developers with at least 20,000 installs, I probably have limited (if non-existent) exposure.

5. Dr.Phil

Posts: 2340; Member since: Feb 14, 2011

Yes, and I believe that for the most part you would be safe just as long as you don't download or use any applications you suspect to exploit this security flaw. So, for instance, I don't think downloading and playing "Angry Birds" on your phone would open yourself up to this type of hacking. However, if you are the type to download applications from unknown or untrusted publishers then yeah you could have the potential of this happening.

8. sarb009

Posts: 322; Member since: Jun 15, 2011

Hey wendy i guess u are spoiled kid of a rich father who has nothing to do except posting stupid comments on phonearena all the day or u are a homeless person sitting near a free wifi spot who also has nothing to do. In both cases u should find a job

17. RaKithAPeiRiZ

Posts: 1488; Member since: Dec 29, 2011

its the NWO

25. AamirSIII

Posts: 187; Member since: Oct 04, 2012

dislikes to ur comment show how sound u and ur comment are...

27. PhenomFaz

Posts: 1236; Member since: Sep 26, 2012

dude get a life!

28. networkdood

Posts: 6330; Member since: Mar 31, 2010

wendy, you really need to know what you are talking about.

2. darkskoliro

Posts: 1092; Member since: May 07, 2012

Maybe they shouldnt have posted the news, now all the hackers know. Should have just sent it in and got it patched asap

7. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

Somehow, I suspect desire for attention on finding the exploit won out over prudence (notify Sammy and publicize the finding after a patch was released).

11. phil2n

Posts: 519; Member since: Apr 30, 2012

Flaw!, Flaw! .. or it is a Flue

10. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

Its always good to alert users so they can be more mindful their actions. User need to install the dangerous app which sound like any malware to me. And to code one just for samsung phone is a lack of forth sight to me.

14. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

"And to code one just for samsung phone is a lack of forth sight to me." How so? Between the 2 model CPUs involved, there has to be at least a couple of million vulnerable devices. Sounds like a target-rich environment to me.

12. Joshing4fun

Posts: 1245; Member since: Aug 13, 2010

Couldn't this be good in some way? Like used for good, not evil?

13. MeoCao unregistered

This is why Android is strong, it has the backing of an enthusiastic community. Good job XDA Hopefull SS will have the patch soon.

15. wendygarett unregistered

The stronger the android, the more evil the malwares are, you cannot ran away from malware tho, especially in ANDROID!!

16. MeoCao unregistered

LOL, we prefer this to weak iOS and weak malware.

18. rusticguy

Posts: 2828; Member since: Aug 11, 2012

How big was the "security update" in 2010 as far as Apple was concerned? Security by obscurity is M$ ways of claiming that system is more secure than others There's a bitdefender article on Apple security in 2010 :)

19. groupsacc

Posts: 232; Member since: Feb 28, 2012

It'd be a good idea to stop installing any apps or even updating existing apps till this is fixed. Seems like an easy fix, just by removing the offending R/W permission. Samsung should release an apk to run this permission removal as a script asap.

20. bloodline

Posts: 706; Member since: Dec 01, 2011

samsung will be quick to update

21. XaErO

Posts: 353; Member since: Sep 25, 2012

Well, there is one BAD news and one GOOD. 1. BAD NEWS - Any app can take over the Root level access. Samsung shall take care of this in upcoming days. So just be cautious while installing any new app even from Google Play store and look-out for the official patch from Samsung. 2. GOOD NEWS - You can root your device using this exploit. Root your mobile device using the app developed by "Chainfire" (based on this vulnerability) with just one click. It is named as "ExynosAbuse v1.10". It is completely hassle free. This can be useful for those who can take some Risk but do not want to get into tedious "rooting" process.

22. someones4

Posts: 627; Member since: Sep 16, 2012

Apparently, this thing is for real...Was browsing the internet and an application installed itself and just bricked up my phone. lost all my data. Anyone knows how to retrieve deleted data? i seldom perform backups

23. wendygarett unregistered

If you have dropbox, your photo and pictures will be safe, because dropbox will auto upload all your photo once your data is opened... That's all I can help, the rest you need to ask someone elae, sorry my friends

30. bluescreen

Posts: 154; Member since: Nov 22, 2012

sounds more like u were surfing porn sites and got hit by a virus lmao....sucks, trying to choke the chicken and they choked ur phone instead!!!

24. redmd

Posts: 1926; Member since: Oct 26, 2011

so how does this affect our everyday use of the phone?

26. mariosraptor

Posts: 174; Member since: Mar 15, 2012

i believe Apple is behind every malware for Android. they leak them to attract people to ios

29. networkdood

Posts: 6330; Member since: Mar 31, 2010

wouldn't that be something - however...this is all just fiction.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.