Samsung Galaxy smartphones are really shining in the market and a “BACKDOOR” found in all of them which is pre-installed, a security firm claimed, and this is main cause which could affect every user who use Samsung galaxy series.
The Backdoor allows an attacker to remotely access and modify device data, galaxy smartphones and tablets are affected by this backdoor.
A Developer at Replicant OS (a free mobile operating system based on Android) named ‘Paul Kocialkowski’ uncovered the backdoor, he claimed the backdoor is pre-installed on Samsung galaxy devices along with in the Samsung-built Google Nexus S, which is providing remote access to the data on the device.
It is also explained in the blog post by the devloper in which he explains the main cause of this backdoor which is- two seperate processors, in which one is used for general purpose that runs Android under Linux and another as modem-which is answerable to communications with the network provider.
“While working on Replicant, we discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system,” the researcher said.
“This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write, and delete files on the phone’s storage. On several phone models, this program runs with sufficient rights to access and modify the user’s personal data.”
List of all Samsung devices affected:
- Nexus S (I902x)
- Galaxy S (I9000)
- Galaxy S 2 (I9100)
- Galaxy Note (N7000)
- Galaxy Nexus (I9250)
- Galaxy Tab 2 7.0 (P31xx)
- Galaxy Tab 2 10.1 (P51xx)
- Galaxy S 3 (I9300)
- Galaxy Note 2 (N7100)
“The incriminated RFS messages of the Samsung IPC protocol were not found to have any particular legitimacy nor relevant use-case. However, it is possible that these were added for legitimate purposes, without the intent of doing harm by providing a backdoor,” he added.
“However, some RFS messages of the Samsung IPC protocol are legitimate (IPC_RFS_NV_READ_ITEM and IPC_RFS_NV_WRITE_ITEM) as they target a very precise file, known as the modem’s NV data.”
If you want to disable this backdoor from your Samsung device, so Replicant itself published a patch for samsung devices HERE.