Samsung confirms Exynos exploit; will work to fix as soon as possible
A couple of days ago we told you guys about an exploit that the gracious developers of the Android community found within the kernels for the Exynos 4210 and 4412 chipsets. With this exploit, Exynos devices like the international Galaxy S2 and all Samsung Galaxy Note 2 units were vulnerable to malicious apps which could gain deep access to the system. It’s essentially a root exploit, and while that may sound all fine and dandy (the exploit is said to make rooting ridiculously easy) it would be a bad day if someone were to design an application specifically designed to attack it.
The community took the initiative in providing a fix, but that fix didn’t come without some bugs of its own as early testing proved to break the device’s camera as the files contributing to the exploit were related to that piece of hardware. Still, it showed a fix was possible and quite easy.
Samsung was quickly notified of these happenings and said they’d investigate the claims, but at that time the OEM couldn’t confirm whether or not they’d consider this to be a true issue. We had all the confidence in the world Samsung would agree with the development community, though, and that’s exactly what has developed this morning.
The manufacturer confirmed that the exploit existed, and has committed to providing a fix as fast as it can:
Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible. The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications. Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices.
As we stated in our original report (and as Samsung reiterates here) most people need not worry too much about the exploit. Since you would need to download and install apps designed to attack the exploit then this can be easily avoided by watching what you download and making sure you’re downloading from credible, trustworthy sources.
This means making sure you’re getting applications from legit developers from places like the Google Play Store and the Amazon Appstore. Things get a little trickier when you venture outside those grounds, such as the free applications that are sometimes cooked up for our enjoyment on XDA, but even that is typically safe as the community houses mostly genuine developers.
And, really, if you’ve ever rooted your phone (no matter what the method) then you’re already using exploits to your benefit. This exploit is no different in that regard, but the ease of gaining root access through a kernel level hole is what’s troubling and is the main reason why this particular episode has gotten so much attention.
We’re sure a fix won’t take long to whip up for the Exynos devices affected by this exploit — after all, the development community made tremendous progress in just a few short hours. Samsung should be able to concoct a fix in no time, and the rollout should be following it soon after.
Unlocked devices would be first in line to receive the upgrade, obviously, while those with carrier specific devices would have to wait for carrier approval (though we imagine this is one thing most carriers won’t want to drag their feet on). Stay tuned to Phandroid as we look to provide the latest from the horse’s mouth down the line.