

Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

1 edit

Extr. critical vuln. Samsung Android devices [*CONFIRMED*]

ExynosAbuse Exploit: obtaining root on Exynos4-based Samsung Android devices without ODIN flashing. Malicious apps will be able to gain total control over the device by gaining root without asking and without any permissions on a vulnerable device.

Source: XDA Developers (alephzain, Chainfire)

• alephzain: »forum.xda-developers.com/showthr···=2048511
• Chainfire: »forum.xda-developers.com/showthr···=2050297

Samsung solution status: unfixed

Vulnerable devices:

• Samsung Galaxy S2 GT-I9100

• Samsung Galaxy S3 GT-I9300
• Samsung Galaxy S3 LTE GT-I9305

• Samsung Galaxy Note GT-N7000

• Samsung Galaxy Note 2 GT-N7100
• Samsung Galaxy Note 2 LTE GT-N7105
• AT&T Galaxy Note 2 SGH-I317
• Verizon Galaxy Note 2 SCH-I605

• Samsung Galaxy Tab Plus GT-P6210

• Samsung Galaxy Note 10.1 GT-N8000, GT-N8010, GT-N8013, GT-N8020

Note: Google Nexus 10 not vulnerable, Exynos5.

Temporary patch (provided by Chainfire): »forum.xda-developers.com/showthr···=2050297

Note: Chainfire requested not to redistribute the patch, instead please link to »forum.xda-developers.com/showthr···=2050297

Dec 19 2012 - Post subject adapted: vulnerability confirmed by Samsung
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron.



Anon users

@anonymouse.org

Re: Extremely critical vulnerability Samsung Android devices

Not only Samsung's Kernel has WRONG PERMISSIONS to allow free hacking

Anyone using Droidwall (with rooted stock roms, or custom CM roms) from code.google.com/p/droidwall (latest @v1.57) could be hacked... allowing taking over your whole Android phone...

hint: Look carefully for the OTHERS permission at /data/data/com.googlecode.droidwall/app_bin/droidwall.sh

No one with Unix 100 would have made such a mistake...


OZO
Premium
join:2003-01-17
kudos:2

I have a different smart phone and, of course, it doesn't have the /data/data/com.googlecode.droidwall/app_bin/droidwall.sh file. Do you have a general recommendation on what to check there? Like, e.g., which files must have (or should not have) what permissions, etc... Thanks in advance.
--
Keep it simple, it'll become complex by itself...



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to Smokey Bear

Also cited:
»arstechnica.com/security/2012/12···tphones/


Fickey
Terrorists target your backbone

join:2004-05-31
reply to Anon users

said by Anon users :

...Anyone using Droidwall (with rooted stock roms, or custom CM roms) from code.google.com/p/droidwall (latest @v1.57) could be hacked... allowing taking over your whole Android phone...

hint: Look carefully for the OTHERS permission at /data/data/com.googlecode.droidwall/app_bin/droidwall.sh ...

I don't really have any Unix or Linux expertise, but looking at my droidwall.sh & referring to this, I don't see any OTHERS issues. What am I missing?


Anon users

@anonymouse.org

assigning rwx rights for OTHERS is unforgiving in Unix if the user has root privileges. ...Can't comment more, wouldn't detail how to exploit...



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

1 edit
reply to Smokey Bear

I've read in a number of reports:

[...] has contacted Samsung for comment and will update this report when we learn more.

Without Samsung being more forthcoming, we are at a stalemate, for now. A Spanish MVP close to ESET is reporting that some vulnerability is being reported on Samsung TVs.
I have requested a translation of the article I was provided.

Fickey
Terrorists target your backbone

join:2004-05-31
reply to Anon users

said by Anon users :

assigning rwx rights for OTHERS is unforgiving in Unix if the user has root privileges. ...Can't comment more, wouldn't detail how to exploit...

Understood, but I don't see anything in droidwall.sh that comes close to resembling rwx or 007 or whatever. Maybe because I don't have any custom scripts? Or more likely, it's just over my head.


Anon users

@anonymouse.org

oh, ya don't get my 'riddle' clear, not inside droidwall.sh, just ls -l droidwall.sh
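
The point of the exchange above, as an added example that is not part of any post in this thread: a file's permissions are metadata reported by `ls -l`, not text inside the script. The sketch reads the "others" triplet from `ls -ld` output and flags files that others may write to, which matters most for scripts a root process executes; the function names are hypothetical and the sample files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: read the "others" permission bits that ls -l reports.
# Function names are hypothetical; the sample files are constructed.

# Print the "others" triplet (e.g. "r-x") for one path.
others_perms() {
    mode=$(ls -ld -- "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$mode" ] || return 1
    # Mode string: type, owner rwx, group rwx, others rwx -> chars 8-10.
    printf '%s\n' "$mode" | cut -c8-10
}

# Succeed if users other than the owner and group may modify the file.
others_can_write() {
    case $(others_perms "$1") in
        ?w?) return 0 ;;
        *)   return 1 ;;
    esac
}

# List regular files under a directory that others may write to.
find_others_writable() {
    find "$1" -type f -perm -0002 2>/dev/null
}

# Constructed demo: one over-permissive script, one sane one.
demo() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\n' > "$dir/loose.sh"
    printf '#!/bin/sh\n' > "$dir/tight.sh"
    chmod 777 "$dir/loose.sh"   # rwx for owner, group and others
    chmod 755 "$dir/tight.sh"   # others may read and execute only
    for f in "$dir/loose.sh" "$dir/tight.sh"; do
        if others_can_write "$f"; then
            echo "RISK others=$(others_perms "$f") $f"
        else
            echo "ok   others=$(others_perms "$f") $f"
        fi
    done
    rm -rf "$dir"
}
demo
```

Removing the write bit for others (`chmod o-w`) on a flagged file is the usual correction.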



Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4
reply to Smokey Bear

Android Central | Dec 19 2012

Official Samsung Statement Exynos kernel vulnerability issue (in full)

"Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.

The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications.

Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices"




Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4
reply to Smokey Bear

Third-party fixes: I will only mention Chainfire's fix. It's the only one that is secure. Both Supercurio's and RyanZA's method leave you with easily exploitable holes any serious malware author will abuse.

About Chainfire's fix

said by Chainfire :
This is an APK that uses the ExynosAbuse exploit (by alephzain) to be able to do various things on your Exynos4 based device.

Features for non-rooters:
- Securely patch the exploit

Features for rooters:
- Root the device (SuperSU v0.99)
- Enable/disable the exploit at will
- Enable/disable patching the exploit at boot
- Unroot and cleanup (optionally leaving the exploit patch at boot in place)

Please note that patching the exploit may break camera functionality, depending on device and firmware. Also note that if you use the patch method without rooting, or keep patching the exploit at boot enabled when unrooting, you need an alternate method to re-root the device to disable this feature (like CF-Auto-Root) - you cannot use ExynosAbuse to do this since it patched the exploit. Unlike other patch authors, I do not believe in keeping an invisible rooted process running in the background while pretending you aren't rooted, to be able to unpatch this way.

While the exploit patches work (aside from possibly disabling your camera), these are more work-around than actual fixes. A proper patch would be a kernel fix, either from a third party or Samsung themselves.
Download the fix here: »forum.xda-developers.com/showthr···=2050297

Note: please do not redistribute the fix!

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to Smokey Bear

That's nice they are fixing that hole but what about the TV hole? I have a Samsung Smart TV with web browser that is connected to the internet (although it is disconnected at the moment but that is because I think the cable is bad). I don't have a Samsung phone. Are they ignoring the vulnerability on the TVs?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

This thread is about the ExynosAbuse exploit, is your TV a device that is vulnerable to that specific exploit?



lordpuffer
RIP lil
Premium
join:2004-09-19
Rio Rancho, NM
kudos:2
Reviews:
·CableOne

1 edit

1 recommendation

reply to Smokey Bear

Re: Extr. critical vuln. Samsung Android devices [*CONFIRMED*]

Smokey.....It looks like the Galaxy Nexus is not mentioned. Am I correct in assuming that it is not vulnerable to this exploit since it is not Exynos4 based?

Edit: I just answered my own question.


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to Smokey Bear

Re: Extremely critical vulnerability Samsung Android devices

I think they are different exploits although I know zero about cell phone exploits as I don't have one or want one - I happen to like privacy which is impossible if you have a cell phone. I was just wondering why Samsung is so fast to fix a cell phone exploit but they have said nothing about fixing the TV exploit on their Smart TVs. I'd think they sell a lot more TVs than cell phones and would be concerned about fixing it.


art22gg
Premium
join:2005-02-16
Courtenay, BC
kudos:6
Reviews:
·Shaw

said by Mele20:

I'd think they sell a lot more TVs than cell phones and would be concerned about fixing it.

On the contrary, just the opposite: according to the latest data (wiki), Samsung has 25% of the market share on cell phones, while its TV sales are at 17% market share... (leaders in both)


Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4
reply to lordpuffer

Re: Extr. critical vuln. Samsung Android devices [*CONFIRMED*]

said by lordpuffer:
Edit: I just answered my own question.



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to Mele20

Re: Extremely critical vulnerability Samsung Android devices

Samsung has not been very forthcoming at all.
The smart-TV vuln is confirmed but there is not much available information.



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to Smokey Bear

Re: Extr. critical vuln. Samsung Android devices [*CONFIRMED*]

Samsung promises fix for vulnerability in Android devices

quote:
Samsung said Wednesday it is working on an update for a software flaw that could allow attackers to siphon personal data from a phone.

The vulnerability affects Samsung's S2 and S3 phones and several models of its Galaxy line, including the Note, Note II, Note Plus and Note 10.1, all of which use the Korean company's Exynos 4210 and 4412 model processors.

Article

If this article cites nothing newer than previously discussed in this thread, then, it's a small contribution to what has already been found and discussed. If findings work for some or for all, so be it.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to art22gg

Re: Extremely critical vulnerability Samsung Android devices

Ok....but I would think TV saturation is greater than cell phone (although I realize cell phone saturation is high). Of course, we don't know the percentage of Samsung cell phones with internet access (or do all of theirs have it?) nor do we know the percentage of Samsung TVs that are sold with internet browser access. So, I am not sure those figures are especially accurate...but they are interesting.