Backdoor Opens Samsung Galaxy Users to Danger
By Jennifer LeClaire / NewsFactor Network
Security researchers are reporting a so-called backdoor security issue in Samsung Galaxy devices. The report comes from the Replicant project. Replicant develops free versions of Android to take the place of the proprietary versions that manufacturers and carriers install on most smartphones.

While working on Replicant, developer Paul Kocialkowski said he discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem also implements a backdoor. That backdoor, he explained, lets the modem perform remote file I/O operations on the file system.

"This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write, and delete files on the phone's storage," Kocialkowski said. "On several phone models, this program runs with sufficient rights to access and modify the user's personal data. A technical description of the issue, as well as the list of known affected devices, is available at the Replicant wiki."

If the modem runs proprietary software and can be remotely controlled, he continued, that backdoor provides remote access to the phone's data -- even in the case where the modem is isolated and cannot access the storage directly. He called it "another example of what unacceptable behavior proprietary software permits" and used it to argue his case for Replicant, which does not implement the backdoor.

Security Analyst: 'It's Very Serious'

We caught up with Craig Young, a security researcher for IT security software firm Tripwire, to find out what he had to say about the discovery. He told us the threat of vulnerabilities or backdoors within the baseband processor of a smartphone is very serious.

"This is essentially a separate computer system running next to the processor that powers your smartphone OS," Young said. "Dr. Charlie Miller leaked NSA documents that have revealed that baseband attacks can be very effective for compromising a phone and turn it into a perfect listening device."

In this particular case, Young said the researchers are claiming that at a minimum, received radio messages can contain commands to retrieve data from the phone's storage. Unfortunately, he explained, most white hat security researchers do not have the means to research this type of threat because it typically requires specialized equipment, a radio shielded room -- a sensitive compartmented isolation facility -- and possibly FCC approval.

Hijacking Associated Accounts

At the same time, Young continued, black-hat security researchers with malicious intentions who want to launch real attacks can acquire the technology necessary for this attack for less than $1,000, making this a realistic threat for corporate espionage and a variety of other targeted attacks.

"In my previous research into Android, presented at DEF CON 21, an attacker with root access to the Android device file system can easily hijack Google or other accounts associated with the device," Young said. "'Replicant' is suggesting that this is the case for the popular but older Galaxy S, which is an I9000 handset."

© Copyright 2015 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.