Thursday, March 13, 2014

Backdoor found in Samsung Galaxy Devices, allows Hackers to remotely access/modify Data

Inline image 1

Google's Android operating system may be open source, but the version of Android that runs on most phones, tablets, and other devices includes proprietary, closed-source components.
Phone makers, including Samsung ships its Smartphones with a modified version of Android, with some pre-installed proprietary software and because of lack in independent code review of those closed-source apps, it is complex to authenticate its integrity and to identify the existence of backdoors.

Paul Kocialkowski, the developers of the Replicant OS has uncovered a backdoor pre-installed on Samsung Galaxy devices and the Nexus S, that provides remote access to all the data in the device.

In a blog post, He explained that Samrtphones come with two separate processors, one for general-purpose applications processor that runs Android OS and the other one known as the Modem, responsible for communications with the mobile telephony network.
The Researcher found that a Samsung's IPC protocol runs in the background, which is bound to the communications processor, and allows the modem to remotely read, write, and delete files on the user's phone storage. Samsung IPC protocol, implements a class of requests, known as RFS commands, that allows the modem to perform remote I/O operations on the phone's storage.

Read more: Hacker news