Samsung Galaxy range wide open to malware: forum
XDA developer exposes flaw in ARM-built Exynos chip
An Android and Windows developers' forum has uncovered a vulnerability in Samsung's ARM-based Exynos SoC (system on a chip) that would allow installed apps full read-write access to the entire physical memory of the parent device.
The initial posting on Saturday by user "Alephzain" on forum.xda-developers.com said: "Recently discover [sic] a way to obtain root on S3 without ODIN flashing."
Root access hands administrative, super-user control of the device to any user, or third-party app that sought it. While Alephzain found the problem in a Galaxy SIII, the user claims the exploit is present in "potentially all devices that embed Exynos processor (4210 and 4412)". This would include the Galaxy SII and the Galaxy Note II and China-based Meizu Technology's MX smartphone.
While other XDA developers discussed the implications of the range of activities available via the exploit - "Ram dump, kernel code injection and others", according to Alephzain - a member called "Chainfire" said they had informed Samsung engineers of the issue. All concerned are "waiting for a fix ASAP".