Samsung gives official statement on Exynos exploit, working on fix

After the recent reveal of an exploit in devices based on Exynos 4 processors, Samsung has now officially released a statement, according to Android Central. Samsung has also revealed that to exploit the flaw, a malicious app has to be specifically coded to do so.

Here is Samsung's statement: "Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.

"The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications.

"Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices."

The Galaxy S II is one of the devices at risk


The flaw was discovered recently by the people at XDA Developers. This is a big problem, as it could potentially allow attackers to use malicious apps that wipe data and brick devices, or even quietly access user data.

XDA member Alephzain tested the vulnerability on a Samsung Galaxy SIII to root the device, but he has said that the same exploit also exists on the Galaxy SII, the Galaxy Note II and the Meizu MX, and could exist on other devices that use Exynos processors such as the 4210 and the 4412 together with Samsung kernel sources.

While this is certainly bad news where malicious attacks are concerned, developers are also using the exploit to make rooting and other advanced processes easier. Developer Chainfire has used it to release an app called ExynosAbuse that gains root privileges and installs the latest release of SuperSU on Exynos4-based devices.

The devices compatible with ExynosAbuse include: Samsung Galaxy S2 GT-I9100, Samsung Galaxy S3 GT-I9300, Samsung Galaxy S3 LTE GT-I9305, Samsung Galaxy Note GT-N7000, Samsung Galaxy Note 2 GT-N7100, Verizon Galaxy Note 2 SCH-I605 (with locked bootloaders), Samsung Galaxy Note 10.1 GT-N8000 and the Samsung Galaxy Note 10.1 GT-N8010.

Earlier this month, it was revealed that the app verification that is bundled in Android 4.2 Jelly Bean is severely lacking, as it was only able to detect 15.32 percent of known malware. The data came from a study performed by Xuxian Jiang, an associate computer science professor at NC State University. The experiment used 1,260 samples that have been widely shared with the research community as well as Google. In the test, run on a Nexus 10 tablet with Android 4.2, just 193 out of the 1,260 samples were successfully detected by the operating system as malware.

For the sake of comparison, researchers had also picked up a sample from each malware family and tested it with other anti-virus engines, including Avast, AVG, TrendMicro, Symantec, BitDefender, ClamAV, F-Secure, Fortinet, Kaspersky and Kingsoft. These anti-virus engines detected from 50 to 100 percent of the malware.


Published Date: Dec 20, 2012 10:25 am | Updated Date: Dec 20, 2012 10:25 am