Replicant ROM developer reports dangerous security flaw in Samsung Galaxy devices' modems5
Samsung is having a rough Thursday.After LeBron's misfortune, developer Paul Kocialkowski of Replicant, a 3rd-partyAndroid ROM, announced the discovery of a possibly dangerous security flaw insome Samsung Galaxy devices. Allegedly, the Nexus S, Galaxy S, GalaxyS 2, Galaxy Note, Galaxy Nexus, Galaxy Tab 2, Galaxy SIII, and GalaxyNote 2 have a line in their proprietary (non-Google) Android codethat grants their baseband modems permissions to read,write, and delete files on the phone's storage. The user is notalerted to this and has no option to intervene.
While this alone sounds like a possibleplayground for hackers, Kocialkowski explained that if attackers are able to gain remote control of thebaseband's microprocessor, which runs its own operating system andset of commands, they can take advantage of the flaw to blow thephone's file system wide open.
Kocialkowski recommends that concernedusers install the Replicant ROM, or another free-software OS, whichdoesn't include proprietary code for device components. "Our freereplacement does not implement this back-door," he said, and reassured users that "if the modem asks to read or write files,Replicant does not cooperate with it." While this wholeannouncement could seem like a marketing hoax to the moreskeptical of you, let's keep in mind that Replicant is free softwareand the guys behind it don't have that much to gain from suchtomfoolery.
Samsung hasn't commented on thediscovery, but knowing the company's security efforts, it will mostlikely investigate the report.