Samsung Promises Handset Security Patch

Samsung has said it is working on a fix to a serious security flaw that affects a number of its popular smartphone handsets, while a developer argued that the flaw appears to be the result of a “deliberate design decision” on the part of Samsung.

The flaw, revealed last weekend, involves Samsung’s implementation of the Android Linux kernel, and affects two versions of the company’s Exynos smartphone system-on-a-chip (SoC), the 4210 and 4412, which are found in handsets including the popular Galaxy SII and SIII.

Malicious code

It could allow a malicious application to gain administrator access to a device, allowing it to steal or manipulate data on the device, or carry out actions such as placing calls to premium-rate numbers.

While an exploit for the flaw has been posted online, thus far there have been no reports of attacks making use of the flaw.

Samsung said in a statement provided to TechWeek Europe UK that it was aware of the vulnerability and plans to provide a fix “as quickly as possible”.

The company downplayed the problem, remarking that it can only affect handsets when a user chooses to run a malicious application.

“The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications,” Samsung stated.

Google scans the applications found in its Google Play marketplace for security issues, but security experts have criticised the adequacy of these controls. Security vendor Bit9 recently said it had classified more than 100,000 applications on Google Play as “questionable” or “suspicious”.

‘Deliberate’ modification

The vulnerability appears to be the result of a modification by Samsung to the Android Linux kernel in order to facilitate the operation of Samsung’s camera software.

“This was not some unfixed known kernel exploit,” wrote Arjan van de Ven, a kernel developer at Intel, in a post on Google Plus. “This was a deliberate design decision.”

He said the vulnerability stems from a a copy of the /dev/mem device driver modified in order to allow it to access kernel memory.

“Someone went and copied the driver, and then removed this restriction and made the device node world writeable,” van de Ven wrote. “That’s seriously inexcusable. Let’s see how long it takes for the long list of devices to get their security fix delivered, since the impact is quite serious.”

A developer using the handle “Chainfire” released an application that allows users to modify their handset software to make the exploit ineffective, but in some cases the fix may also disable the device’s camera.

Chainfire agreed that a fix would be complex in part because it would require Samsung to release different updates depending on the device’s firmware.

“The only true solution is a kernel fix that simply removes the exploitable memory device, but that requires a non-universal device update,” Chainfire wrote.

Samsung has not specified when it plans to release its promised patch.

Are you a security pro? Try our quiz!