TrustGo Mobile has announced that it has developed and published the TrustGo Exynos Exploit Disabler, which is available on the Google Play store. The main aim of the Exynos Exploit Disabler, as the name might suggest, is to disable a significant vulnerability found in Samsung’s devices that are based on the Exynos 4 chip. The fix is available at no charge to all users of the vulnerable phone models, regardless of whether they are TrustGo customers.
“Hackers and malware developers are always looking for vulnerabilities,” says Xuyang Li, CEO of TrustGo. “Because Samsung has sold so many devices with Exynos processors, the bad guys will very quickly look to take advantage of this rich target.”
TrustGo Exynos Exploit Disabler automatically identifies if a device has the vulnerability. With a single touch of a button, the user is able to resolve the problem immediately. The TrustGo patch does not root the device.
TrustGo has released the Exynos Exploit Disabler for Exynos-based devices
Jerry Yang, VP of Engineering at TrustGo says, “We know how important it is to work quickly when users are at risk. Samsung has said it is working on its own resolution to the problem, but we felt strongly that it needed to be solved immediately. That’s why our team completed the development and testing in only 72 hours and why we have made the patch available to the entire Samsung mobile community at no charge.”
Earlier, Samsung had released an official statement about the Exynos exploit. According to the statement, "Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible. The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications. Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices."
The flaw was discovered recently by the people at XDA Developers. This is a big problem as it could potentially allow attackers to use malicious apps that wipe data and brick devices, or even quietly access user data.
XDA member Alephzain tested the vulnerability on a Samsung Galaxy SIII to root the device, but he has said that the same exploit also exists on the Galaxy SII, the Galaxy Note II, the Meizu MX, and could exist on more devices that use Exynos processors, like the 4210 and the 4412, along with Samsung kernel sources.
While this is certainly bad news related to malicious attacks, it is being used by developers to make rooting and other advanced processes easier. Developer Chainfire has used the exploit to release an app called ExynosAbus that gains root privileges and installs the latest release of SuperSU on Exynos4-based devices.
The devices compatible with ExynosAbuse include: Samsung Galaxy S2 GT-I9100, Samsung Galaxy S3 GT-I9300, Samsung Galaxy S3 LTE GT-I9305, Samsung Galaxy Note GT-N7000, Samsung Galaxy Note 2 GT-N7100, Verizon Galaxy Note 2 SCH-I605 (with locked bootloaders), Samsung Galaxy Note 10.1 GT-N8000 and the Samsung Galaxy Note 10.1 GT-N8010.
Published Date: Dec 20, 2012 01:51 pm | Updated Date: Dec 20, 2012 01:51 pm