Security Hole Found in Several Samsung Smartphones

Status
Not open for further replies.

joytech22

Distinguished
Jun 4, 2008
1,686
0
19,810
10
Well, I'm not affected with my Galaxy Nexus, but my Note 10.1 is vulnerable.
In saying that though..

101 of I.T - Stick to reputable sources and you'll be fine. :D
 

john15v16

Distinguished
Nov 19, 2009
109
0
18,680
0
Crap! My instinct told me NOT to click on this article because It was probably cut-copy-paste by the notorious anti-anything-but-apple, Zak Islam...
 

house70

Splendid
It's up to the user to open up his/her system to malicious code. One has to try real hard to make Android OS vulnerable, because by default it won't allow installation of apps from third party sources, the debugging mode (that allows ADB) is not checked, and the system has to be given specific permissions to install anything, including the authorized apps.
If the user jumps through all these hoops AND chooses to run insecure code, it's up to him/her to suffer the consequences. It's like clicking on all the porn-related pop-ups on your computer (after willingly disabling your firewall and AV) and then complaining your system is compromised. Good luck with that.
Even so, a factory reset is all it takes for an Android system to recover, giving said moron another chance in doing it all over again or playing it safe.
I, personally, know a thing or two about this, and when I choose to take the riskier path, I know exactly what the pitfalls are. That is the beauty of Android, it allows one to do whatever they want with their phones. The greater the freedoms, the greater the potential risks, but I prefer it that way to a nanny system that tells me what I can and I can not do.
 

wildkitten

Distinguished
May 29, 2008
816
0
18,980
0
[citation][nom]otacon72[/nom]Yet you chose to post a useless comment...good job. Some people scare me on here.[/citation]
These Zak haters are mindless fools. They claim he is some sort of pro Apple guy, yet ignore the fact he writes even negative articles about Apple, that in fact, as his job is, he simply writes what he is suppose to regardless of whether it is positive or negative. They hate Apple so much they let that hate bleed over and show themselves incapable of reasoned, rationale thought.

If these Zak haters actually read the XDA post where this information was gotten from, they would recognize that the reason it is Samsung prevalent is because of how easy it should have been for Samsung to have noticed these things....
The question is why permissions are set to read/write for all in kernel AND in ueventd.smdk4x12.rc:•samsung developper in charge of this would lose his job
•some samsung apps with basic rights need to access it (I doubt it)
•a huge mistake
A simple patch could be to set permissions to 0660 or 0600 in ueventd.smdk4x12.rc, but I don't know how it would affect samsung applications/services.
Honestly, you Zak haters really need to look in the mirror and ask what's so wrong with yourselves that your blind hatred and obvious bigotry for something can spill over to a person merely doing their job and why it has made you so stupid you can't even click the link to the source material from where the article was taken.
 

InvalidError

Titan
Moderator
The exploit has absolutely nothing to do with the silicon or the ARM architecture.

The exploit is a silly driver exposing the whole system RAM as a block device that gives full access to everyone, bypassing all other access controls. All Samsung needs to do is either restrain access rights to that driver or remove it altogether and rewrite the few bits of proprietary software that used it.

Careless mistakes happen everywhere. This one just happened to be bigger than average.
 

acerace

Distinguished
Jan 1, 2011
970
0
19,060
36
You're one of the most wise people on here, wildkitten. I fully agree with your statement. As I stated before, Tom's is full with people that have immature minds.
 

ivanto

Honorable
Oct 11, 2012
78
0
10,630
0
If users are in danger, people should be informed. That's what this article is about. In fact, my friend's wife bought Galaxy 2 this weekend and it needs to be taken care of.
-IvanTO
 

nitto555rchallenger

Distinguished
Mar 25, 2009
112
0
18,680
0
You can all stop tearing each other apart, there is now a quick patch for this. XDA Elite Recognized Developer Chainfire has created the ExynosAbuse app that will fix things for the exploitable Exynos 4 processors. It's said that it may break your camera abilities, however mine is running fine. As always I'm not responsible for your device in anyway. Read the thread provided for more info and can also be downloaded for free at the PlayStore.

http://forum.xda-developers.com/showthread.php?t=2050297
 

alextheblue

Distinguished
Apr 3, 2001
3,078
106
20,970
2
[citation][nom]wildkitten[/nom]Honestly, you Zak haters really need to look in the mirror and ask what's so wrong with yourselves that your blind hatred and obvious bigotry for something can spill over to a person merely doing their job and why it has made you so stupid you can't even click the link to the source material from where the article was taken.[/citation]What about us "Zak dislikers"? Not everyone is going to be a fan, and this is a public site and you have to accept that. Personally I don't hate the guy but his articles can be weak, and are sometimes not news worthy at all. Then there's the material... in some cases he either doesn't fully understand what the original information signified, or doesn't care. He made a news post about patch tuesday, and made it sound like it was special for Surface and IE10. We get patch tuesday every month. Yet the same article didn't say anything about the wifi improvements. It's a bit annoying.

Now this particular article I don't have a huge issue with, but there are some faults. If you'd read InvalidError's post, you'd realize that the article is missing some information. It's not a CPU vulnerability, it's a software/driver flaw. Furthermore, and I'm far from being an Android fanboy, by default you can only install stuff from Google Play. So this is not likely to be very threatening to stock phones, and it will probably get patched soon anyway (or you could try the unofficial patch nitto posted).

Also: I don't call him iSlam or anything like that, and I don't agree with the level of vitriol, but people are entitled to their opinion. Even you. Even me. Even otacon! Well maybe not otacon, but still... (just kidding otacon).
 
G

Guest

Guest
The cost of labor in SK is so low that Samsung can hire dozens of dudes to chill all day posting comments at Toms. What else could possibly explain comment sections like this? I can't honestly believe that Samsung, a middle-of-the-road electronics manufacturer actually has this sort of weird cult following.
 

acerace

Distinguished
Jan 1, 2011
970
0
19,060
36


Doesn't grant you people the right to bash him in his every post. We're civilized people. Well, if you disliked him, just state it nicely. No need to act around like a little beech, like some of you people did.
 

alextheblue

Distinguished
Apr 3, 2001
3,078
106
20,970
2
[citation][nom]acerace[/nom]Doesn't grant you people the right to bash him in his every post. We're civilized people. Well, if you disliked him, just state it nicely. No need to act around like a little beech, like some of you people did.[/citation]I thought I was pretty nice. Not sure why you felt the need to single me out and insult me. "You people". Richard.
 
G

Guest

Guest
I know "re-blogging" is something of a necessary evil for online journalism these days, but this is pretty much completely copied from CNET's report. At least try to make it sound like you're doing original reporting, please.

http://news.cnet.com/8301-1009_3-57559495-83/suspected-security-hole-found-in-many-samsung-devices/
 
Status
Not open for further replies.

ASK THE COMMUNITY