Exynos-powered Samsung devices affected by root exploit, fix now available

Daniel Bader

December 17, 2012 10:27am


Over the weekend, it became apparent that a kernel exploit discovered by an XDA-Developers member, alephzain, was potentially the worst Android malware discovery made to date. While no devices have yet been infected through the vulnerability, the potential for widespread disruption remains high.

The reason for this is simple: the exploit affects any Samsung device with an Exynos 4210 or 4212 chipset, which covers millions of smartphones, including the Bell Galaxy S II and all Canadian Galaxy Note IIs. The process allows an app, for example a malware-injected APK, to gain root access on any device that uses an Exynos chipset. While this would normally be a cause for celebration — an easier way to root, yay! — in this case it’s quite concerning. All Samsung devices save a few come with unlocked bootloaders, but gaining root access requires a custom kernel flash from a specially-downloaded Samsung tool called ODIN.

This exploit makes a one-click root solution possible, but it also opens the system up to kernel-level takeovers. Several patches are already available from noted developers such as Chainfire, RyanZA and Supercurio, all of which root the device if desired and then patch the exploit so nothing can take over the system. Fixing the issue seems to break the front-facing camera, however, so it’s up to Samsung to acknowledge the problem and issue an OTA patch across its entire device ecosystem as soon as possible. Many Galaxy owners may not be knowledgeable enough about the root-level realities of their devices to know what is at stake; most Android owners do not root or attempt to hack their devices. But the potential for widespread malware is quite high here, and it’s incumbent on Samsung to do something as soon as possible.

So, what should you do? 

First, check whether your device is among those affected. Canadian Galaxy S III owners need not worry as their devices run Qualcomm processors; the same goes for the OG Galaxy Note i317m, Galaxy S II X, Galaxy S II LTE and other GS2 variants. Only the Bell Galaxy S II i9100, the Galaxy Note II (all variants), the Galaxy Note 10.1 and all international Galaxy Note and Galaxy S III variants are affected.

If you are using an affected device, you have two options: do nothing (for now) and be vigilant about what you download; or, install one of several applications that patch the exploit but may have the side effect of breaking your front-facing camera.

Read all about the issue at XDA-Developers and remember folks, only you can prevent forest fires!

Source: XDA Developers
Via: Android Central

  • Alex

    It’s fine, I heard McAfee has a pretty good antivirus for you guys.

    • Ron Mexico

      This is no different than jailbreakme.com, now go away never post on this site again.

      iLoser!

  • Ron Mexico

    Official statement from Samsung: “This will be fixed in the Note 3 and Galaxy S4”

  • Bob

    If Android became so popular, does that mean that THEY are the sheeps? *facepalm*

    • Wes

      Not at all. This is a Samsung issue and not an android issue. Apple folk are still sheep that buy gadgets that are inflated in price for what they are really getting.

    • some guy

      We can’t be called “sheep” as that’s been patented by Apple.
      Maybe “robots” or some other (better) witty name.

    • Graham

      to some guy: “Drones”?

    • skullan

      Android users don’t buy due to branding, they buy for the things that the phone can do and now, with 4.x, the UI experience. The 4.x UI is a lot better than 2.3 or earlier.

      It’s the difference between wanting to show your phone, versus wanting to really use your phone.

  • some guy

    Safe bet is to not download apps from torrent or super sketchy Chinese markets. Or just avoid any app that starts with “super sexy girls”.

  • metoo

    Ron are you retarded? This is very different than jailbreakme although that was a massive hole too. This is exploitable by apps from the Google Play store. You know, that source you are supposed to trust?

    Apple fixed theirs with a simple patch to iOS to fix Safari. The fix for this so far has been to disable the Camera (well, results in that anyway).

    Now, you can maybe compare this to the last Samsung hole, just a couple months ago, that allowed websites to own your phone and erase your SIM. That was good times too.

    Samsung is such a joke. The sheep are the ones buying that s**t. First they talk you into buying a tablet as a phone and then they leave you open to multiple exploits. Sheep.

    • Mon gars ta vie doit etre plate

      Your days must be pretty long to use your time to bash on Samsung..

      Sammy <3

    • Ron Mexico

      That’s right, how silly of me. The jailbreakme.com could be implemented with any pdf link on any website you went to. Not an app from the Play store. What was I thinking? No comparisons here is there?

      iIdiot

  • AllanVS

    i317m is the North American version of the Note II … so what is the difference between “OG Galaxy Note II” and “Rogers Galaxy Note II”?

  • Brad F(anboy)

    Strange how this update can be pushed in a matter of hours but getting Jelly Bean out takes months.

  • Greengoblin

    ^ This is just a patch through xda developers, not one through samsung

  • Frank

    Bell i9100. Obviously…. Good thing my nexus 4 is scheduled to arrive tomorrow

  • Obvious

    Security flaws will lead to one global OS version for devices and carrier-specific modifications will be an add-on. This can only be good for Android OS updates on a consistent and global basis.

  • Ants

    This is NOT a fix, a workaround at best.

  • WP8 FTW

    That’s what happens in the Wild West (aka Android)! As they say, “shoot from the hip, get hit in the crotch!!!”

  • ihitmyheadalot

    another pile of comments that excuse another huge problem with an android handset and repeat “don’t look HERE look over there at the apple…”
    comment me down as i know you are going to do it. I don’t give a s**t what kind of phone anyone uses as I’ve used pretty much all of them.. I do however wish the android population on this website would get a grip on reality and realise that they act more like sheep than those they condemn.. bunch of hypocrites that they are.

  • PlayCrook

    Bb10 0 apps = 0 security issues…all kidding aside I can’t help but think BB10 has an advantage security wise. Until iOS android and windows phone have FIPS certification all of your data is at risk. Yes I love all technologies and have one from each ecosystem but when it comes to security and getting down to business BlackBerry reigns supreme!