Galaxy devices Samsung may have a backdoor

Developers of an Android alternative claim that many Samsung Galaxy devices have a backdoor, allowing the modem software to write to the phone’s memory. The Galaxy S4 and S5 are not vulnerable.

The backdoor was found by the developers of Replicant, an open source alternative to Android, which has much of the Android codebase on board. According to the developers, several devices are vulnerable, including the Galaxy Note 2, Tab 10.1, Galaxy S2 and Galaxy S3. The Galaxy S4 and S5 are not affected. The Galaxy S would be the most severely affected; the backdoor runs at the root level. On other phones, the exploit runs in the user environment, but with it, for example, the SD card can still be read.

The crux lies in the software that controls communication with the modem. That code includes support for several commands, including input/output operations to the phone’s internal memory. The developers suspect that this will allow remote commands to be sent to a phone and access to the file system.

The developers emphasize that there does not have to be malicious intent, but that there is nevertheless a backdoor. “The result is the same; it gives the modem access to the internal memory,” they write. In addition, the developers have found no practical use for the commands. Samsung could not be reached for comment.

Users can install Replicant; the backdoor doesn’t work on that. In addition, the Nexus S and Galaxy Nexus offer support for SELinux, which limits the freedom of movement for the backdoor. Alternative firmware developers could block so-called rfs requests in the kernel, making the backdoor ineffective.