Samsung confirms Exynos exploit; will work to fix as soon as possible

A couple of days ago we told you guys about an exploit that the gracious developers of the Android community found within the kernels for the Exynos 4210 and 4412 chipsets. With this exploit, Exynos devices like the international Galaxy S2 and all Samsung Galaxy Note 2 units were vulnerable to malicious apps which could gain deep access to the system. It’s essentially a root exploit, and while that may sound all fine and dandy (the exploit is said to make rooting ridiculously easy), it would be a bad day if someone were to build an application specifically designed to attack it.

The community took the initiative in providing a fix, but that fix didn’t come without some bugs of its own: early testing showed it broke the device’s camera, because the files contributing to the exploit were related to that piece of hardware. Still, it showed a fix was possible and quite easy.

Samsung was quickly notified of these happenings and said they’d investigate the claims, but at that time the OEM couldn’t confirm whether or not they’d consider this to be a true issue. We had all the confidence in the world Samsung would agree with the development community, though, and that’s exactly what has developed this morning.

The manufacturer confirmed that the exploit existed, and has committed to providing a fix as fast as it can:

Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible. The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications. Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices.

As we stated in our original report (and as Samsung reiterates here), most people need not worry too much about the exploit. Since you would need to download and install an app designed to attack the exploit, it can be easily avoided by watching what you download and making sure you’re downloading from credible, trustworthy sources.

This means making sure you’re getting applications from legit developers from places like the Google Play Store and the Amazon Appstore. Things get a little trickier when you venture outside those grounds, such as the free applications that are sometimes cooked up for our enjoyment on XDA, but even that is typically safe as the community houses mostly genuine developers.

And, really, if you’ve ever rooted your phone (no matter what the method) then you’re already using exploits to your benefit. This exploit is no different in that regard, but the ease of gaining root access through a kernel-level hole is what’s troubling and is the main reason why this particular episode has gotten so much attention.

We’re sure a fix won’t take long to whip up for the Exynos devices affected by this exploit — after all, the development community made tremendous progress in just a few short hours. Samsung should be able to concoct a fix in no time, and the rollout should be following it soon after.

Unlocked devices would be first in line to receive the upgrade, obviously, while those with carrier-specific devices would have to wait for carrier approval (though we imagine this is one thing most carriers won’t want to drag their feet on). Stay tuned to Phandroid as we look to provide the latest from the horse’s mouth down the line.


  • Michael Quinlan

    I’ve said before that caution and common sense are all you need for a safe experience, but there’s one other thing you need – people who don’t exercise either of those things – the guinea pigs of the world. Every time I read something like this though, I’m glad I’m using an unlocked Galaxy Nexus, and not some carrier-hindered device.

    • No_Nickname90

      Exactly!! It’s the same thing when downloading programs on a Windows computer. Don’t download something from DownloadersRejoiceFree.com. That’s just asking to be hacked. LoL!!

      *Disclaimer*
      I typed that website as a joke. If that turns out to be a real website and it causes malicious content to go onto your computer then that is your own fault. I have no affiliation with that website and its sponsors, contributors or anything of the liking.
      *Disclaimer End*

      Just in case…

  • DroidModderX

    Chainfire has released an application that patches the exploit. Here it is in action on my Verizon Galaxy Note 2: https://www.youtube.com/watch?v=G2_zHqsC4BE&feature=youtube_gdata_player

  • Darren Broderick

    Chainfire’s fix worked on my S3 and the camera’s fine

  • Earl Cameron

    hopefully this means an update to jelly bean!