A security vulnerability appears to lie in a number of Samsung smartphones, after an XDA developer stumbled across a dangerous chip-based flaw and posted his findings online.
The hole, found in the ARM-based Exynos 4 system-on-chip, could give apps access to user data and leave the handset open to malware and bricking. It was discovered by a poster on the XDA Developers forum who uses the name ‘alephzain’.
With the Exynos 4 powering Samsung’s popular Galaxy Note and Galaxy S2 devices, the chip’s vulnerability could provide a serious headache for the Korean manufacturer. Alephzain said the exploit bypasses the system permissions, allowing apps to inject malicious code into the kernel or steal data from the handset’s RAM.
The hole is also likely to affect the Meizu MX smartphone, and “potentially all devices who embed exynos processor (4210 and 4412) which use Samsung kernel sources (sic)”, added alephzain. If the newer 4412 chip is indeed found to be affected, the security of the Samsung Galaxy S3 and Note 2 smartphones (which run this version) will also be called into question.
“The good news is we can easily obtain root on these devices and the bad is there is no control over it,” said alephzain. Other forum members alerted Samsung over the issue but there has been no official comment from the company so far.