backtop


Print 9 comment(s) - last by Trisped.. on Dec 20 at 2:46 AM

Memory permissions raise danger of local attacks

Samsung Electronics Comp., Ltd. (KSC:005930) the top maker of Android smartphones in the world (or any kind of phones, for that matter), received some unwelcome news on Monday, when a developer going by the handle "alephzain" posted details on Microsoft Corp.'s (MSFT) XNA developers forum regarding memory permissions security holes in some of Samsung's top devices.

In order to give their proprietary Exynos 4 system-on-a-chip a dedicated line from the camera to the memory, Samsung opened up permissions to the on-chip DRAM.  The only issue is that it appears to have opened its memory for writing to all users.

That's good news for modders who could use it to obtain root for the purpose of installing custom builds of Android like Cyanogen.  Bu at it's bad news from a security perspective.
 
Galaxy Note II
The Galaxy Note II

The flaw appears to affect a number of top Samsung devices, including the Galaxy Note II, the Galaxy S2, and the Meizu MX.  Comments the developer who found the flaw, "The good news is we can easily obtain root on these devices and the bad is there is no control over it."

Generally to do something truly malicious with the flaw, you would have to use a trojan app equipped with memory dumping or memory injection functionality.  But given the success of past trojans against Android-rival Apple, Inc. (AAPL) the possibility of this flaw being exploited in the wild should not be ruled out.

Sources: XDA, CNET



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Wow
By messele on 12/18/2012 6:07:12 AM , Rating: 2
I've been waiting three days for this one to see what spin would be put on it and y'know I'm not disappointed. In fact my expectations have been exceeded.

Let's ignore the sheer scale (in terms of products) and sheer seriousness of this situation (wilful Direct Memory Access on a network-connected device) but instead deflect attention towards the fruity ones with a link to a completely irrelevant article that was scotched six months ago in any case and was a complete non-story.

No matter about all those Samsung owners who will be blissfully unaware of the mess going on in their pocket because they don't read tech websites (I mean proper tech websites, not this one obviously) and have no idea just how big a clusterfuck Samsung have made here and will probably actually be completely unaware of it and therefore will not take steps to mitigate the problem.

Good game Mick. Clown.




RE: Wow
By ssnova703 on 12/18/2012 3:23:06 PM , Rating: 2
Looks like the story/article was taken down? It shows up as blank, even after refreshing.


"This is about the Internet.  Everything on the Internet is encrypted. This is not a BlackBerry-only issue. If they can't deal with the Internet, they should shut it off." -- RIM co-CEO Michael Lazaridis














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki