Memory permissions raise danger of local attacks
Samsung Electronics Comp., Ltd. (KSC:005930) the top maker of Android smartphones in the world (or any kind of phones, for that matter), received some unwelcome news on Monday, when a developer going by the handle "alephzain" posted details on Microsoft Corp.'s (MSFT) XNA developers forum regarding memory permissions security holes in some of Samsung's top devices.
In order to give their proprietary Exynos 4 system-on-a-chip a dedicated line from the camera to the memory, Samsung opened up permissions to the on-chip DRAM. The only issue is that it appears to have opened its memory for writing to all users.
That's good news for modders who could use it to obtain root for the purpose of installing custom builds of Android like Cyanogen. Bu at it's bad news from a security perspective.
The Galaxy Note II
The flaw appears to affect a number of top Samsung devices, including the Galaxy Note II, the Galaxy S2, and the Meizu MX. Comments the developer who found the flaw, "The good news is we can easily obtain root on these devices and the bad is there is no control over it."
Generally to do something truly malicious with the flaw, you would have to use a trojan app equipped with memory dumping or memory injection functionality. But given the success of past trojans against Android-rival Apple, Inc. (AAPL) the possibility of this flaw being exploited in the wild should not be ruled out.
Sources: XDA, CNET
“We do believe we have a moral responsibility to keep porn off the iPhone.” -- Steve Jobs
|
Most Popular ArticlesHigh School Student Creates Storage Device that Can Charge in 20 Seconds
May 20, 2013, 6:51 AM
Apples Tries to Use Decade-Old Patents to Ban Samsung Galaxy S IV
May 22, 2013, 3:00 PM
NASA Awards $125,000 Grant for 3D Printed Food on Long-Term Space Travels
May 21, 2013, 1:32 PM
Microsoft Announces Voice-Controlled "Xbox One"
May 21, 2013, 12:55 AM
Cure For Baldness Could Be on Store Shelves within Two Years
May 22, 2013, 8:29 AM
|
