Over on XDA Developers, user alephzain has found an alarmingly simple exploit that could grant an unscrupulous person access to Samsung’s most popular devices.
The user discovered the vulnerability while looking for an easier way to obtain root access – which is the means through which some like to modify their Android phones with custom operating systems. Alephzain found just such an easier way, before realising that it was actually a major security issue.
Apparently, devices with the Exynos 4210 or Exynos 4412 processor – Samsung’s own custom chips found in the Samsung Galaxy S3, Samsung Galaxy Note 2 and Samsung Galaxy S2 – are effected.
In these devices it’s relatively easy to gain direct read / write access to all physical memory on the device. This means that inserting malware onto these devices would be as simple as putting a dodgy app onto the Google Play store and having it downloaded by an unsuspecting user.
Samsung has apparently been made aware of this issue, but has as yet made no comment on it let alone released a fix. Some enterprising users have created work-around fixes that require no rooting or special knowledge to apply, though they all reportedly hamper the operation of the device’s front-facing camera.
Still, it’s a small price to pay for peace of mind. The other step to take is to ensure that you only download genuine apps from established sources – at least until a proper fix is issued.