Dec, 17 2012

Uh-oh — it looks like someone left a rather big hole open in Samsung’s kernel for its latest Exynos-based devices. An exploit has been reported to exist that would allow a malicious application to gain full access to a user’s device. For some reason, several parts of the memory system are open for read/write access to anyone.

It’s said to affect any device with the Exynos 4210 and 4412, which would include heavy hitters such as the Exynos Samsung Galaxy S2, the Exynos Samsung Galaxy S3 and all Samsung Galaxy Note 2 units. Those with Qualcomm-based devices — which were common with the Galaxy s2 and Galaxy S3 here in North America due to LTE — are safe.

For an idea of just how bad this exploit is, know that it is possible for anyone who knows what they’re doing to gain root access fairly easily — so easily, in fact, that you don’t need to ODIN or do any fancy file transferring to do so. This means an app you download from the Google Play Store or third party sources could quietly break into any part of the system it wants to without much effort at all.

More details about what seems to be going on can be found at the XDA thread where many folks within the development community have come together to discuss the exploit. A temporary low-level fix has been provided for developers who want to experiment with it or implement it into their ROMs, but the fix does seem to break access to the device’s camera. It comes down to what’s more important: security or photos? The former should ring true for most, but we understand the hesitance of not wanting to lose the latter.

Luckily, danger should be easily avoidable. For starters — and you might have heard this a lot in the past, but here it is again — please remember to download from trusted sources only. Try and stick to the Google Play Store wherever possible, and don’t download any app that looks suspicious.

Most folks in the Play Store are genuine, but one or two apps may try and sneak their way into people’s phones by disguising themselves as something they’re really not. Most of these types of apps tend to be simple wallpaper or ringtone apps, so if there was one category you absolutely had to stay away from then that would be it.

If you’re downloading APKs for the purposes of sideloading then be sure that you can trust the developer who provides it. Even if you trust the developer, make sure you’re reading comments regarding the APK, and make sure you’re downloading from the developer’s own link.

Of course, avoidance is not the best course of action — an even better solution would be an official fix from Samsung. The company has acknowledged that a problem might exist and has launched a formal investigation into the matter. We’re hopeful it’ll find that the development community is right, and that a fix will be rushed out worldwide to prevent a huge problem.

[XDA Developers via MobileSyrup]