Replicant ROM developer reports dangerous security flaw in Samsung Galaxy devices' modems

9comments
Replicant ROM developer reports dangerous security flaw in Samsung Galaxy devices' modems

Samsung is having a rough Thursday.After LeBron's misfortune, developer Paul Kocialkowski of Replicant, a 3rd-partyAndroid ROM, announced the discovery of a possibly dangerous security flaw insome Samsung Galaxy devices. Allegedly, the Nexus S, Galaxy S, GalaxyS 2, Galaxy Note, Galaxy Nexus, Galaxy Tab 2, Galaxy SIII, and GalaxyNote 2 have a line in their proprietary (non-Google) Android codethat grants their baseband modems permissions to read,write, and delete files on the phone's storage. The user is notalerted to this and has no option to intervene.



While this alone sounds like a possibleplayground for hackers, Kocialkowski explained that if attackers are able to gain remote control of thebaseband's microprocessor, which runs its own operating system andset of commands, they can take advantage of the flaw to blow thephone's file system wide open.



Kocialkowski recommends that concernedusers install the Replicant ROM, or another free-software OS, whichdoesn't include proprietary code for device components. "Our freereplacement does not implement this back-door," he said, and reassured users that "if the modem asks to read or write files,Replicant does not cooperate with it." While this wholeannouncement could seem like a marketing hoax to the moreskeptical of you, let's keep in mind that Replicant is free softwareand the guys behind it don't have that much to gain from suchtomfoolery.



Samsung hasn't commented on thediscovery, but knowing the company's security efforts, it will mostlikely investigate the report.



source: TheFree Software Foundation via TheRegister

Create a free account and join our vibrant community
Register to enjoy the full PhoneArena experience. Here’s what you get with your PhoneArena account:
  • Access members-only articles
  • Join community discussions
  • Share your own device reviews
  • Build your personal phone library
Register For Free

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless