A keen XDA member named alephzain has exploited a rather big security hole in devices powered by the Samsung Exynos 4 chipset. On these devices the kernel exposes all of physical memory through a device node that any application can open for reading and writing. Sounds serious.
This is what the XDA member named alephzain has to say about the exploit –
Recently discovered a way to obtain root on S3 without ODIN flashing.
The security hole is in the kernel, exactly with the device /dev/exynos-mem.
This device is R/W by all users and gives access to all physical memory … what's wrong with Samsung?
Basically, devices with an Exynos 4 processor are now easily rootable thanks to this exploit, but the same hole leaves read/write access to physical memory open to everyone: the device node /dev/exynos-mem (a kernel interface, not a file system) is world readable and writable, so any app on the phone can map and modify arbitrary physical memory. The node is referenced by the camera, graphics memory allocation and HDMI code, which is presumably why it exists at all. Regarding the exploit's implications, he says –
Ram dump, kernel code injection and others could be possible via app installation from the Play Store. There certainly exist many ways to do that, but Samsung gives an easy way to exploit. This security hole is dangerous and exposes the phone to malicious apps. Exploitation with native C and JNI could be easily feasible.
However, another member of the same XDA forum has provided an instant fix for the exploit. You can check that out here. Applying it voids your warranty, but at least it makes your device more secure.
The speculation in the forum is that Samsung left the node open so that its own apps could reach physical memory directly for better performance, but the jury is still out on that one. The good news is that the fix, in the form of an unofficial APK, is already here; let's hope Samsung patches it in their kernel firmware soon.
The devices affected by this exploit are –
- Galaxy S2 and S3
- Galaxy Note and Note II
- Galaxy Tab 7.7, Note 10.1
- Meizu MX
- And literally anything running an Exynos 4210 or 4412 processor
Source XDA via Android Police