Samsung smartphone flaw allows root access

Share this article:

A researcher has unearthed a vulnerability affecting several Samsung smartphone models which could allow attackers to gain administrative access to the devices through any application.

On Saturday, someone named “Alephzain," posting on the XDA Developers forum, published details about the flaw. According to the user, the security hole lies within a Samsung headset kernel and affects all devices that run using the Exynos 4210 and 4412 processor.  

All physical memory on the device can be accessed and, in the worst-case scenario, stolen or erased by an attacker who uses an app to exploit the flaw, Alephzain said. Affected devices include the Samsung Galaxy Note 2, Galaxy S3, Galaxy S2, Meizu MX – and potentially other Samsung products.  

“The good news is we can easily obtain root [access] on these devices, and the bad is there is no control over it,” wrote Alephzain. So far, the flaw doesn't appear to have been publicly exploited. On Monday, Joseph Hindy, another member of the developer forum, published additional details about the vulnerability.

A spokesman for Samsung told SCMagazine.com in an email that the company was “currently in the process of conducting an internal review” on the issue.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.