Samsung Device Weakness Allows Data to Be Extracted or InjectedPosted by aonenetworks On December 18, 2012
An unconfirmed, but heavily researched, hole has been found in a number of Samsung smartphones and other devices that makes them vulnerable to specific malicious intent. The devices with this hole are particularly easy to infect with malicious code, which can be used to gather your personal data such as credit card numbers and passwords.
The vulnerability with the Samsung devices was discovered by an XDA member. He found out that the problem lays in Exynos 4, the system-on-chip that Samsung smartphones and tablets depend on to function. The XDA member, which goes by the handle “alephzain,” exploited this weakness and bypassed the system permissions on a phone within a ten minute timespan. He then proved that once this hole has been discovered, any app downloaded will be able to take data and inject spyware and other viruses into the phone’s coding.
Alephzain also said he only stumbled upon the vulnerability when he was trying to root his Galaxy S3. The exploit also affects other devices, such as the Galaxy Note and the Galaxy S2. Any phone or tablet that uses the Exynos 5 chip is “immune” to the hole, however, such as the Nexus 10.
Alephzain said he had mixed feelings about discovering the issue – he can “easily root on these devices,” but “there’s no control over it,” which means “Samsung should fix it quickly.”