An Android analyst at the xda developers forum discovered a root exploit that could gain control of the whole device. The vulnerability was found by a person known as ‘alephzain’ and as described by him was able to perform rooting on the device without flashing through ODIN. This process can be used by cybercriminals to install malicious applications and compromise the phones that are vulnerable.
Samsung devices with Exynos 4210 and 4412 processors are affected since the memory in Exynos gives full read/write permissions to the user. The affected devices are Samsung S2, Samsung S3, Galaxy Note, Galaxy Note II, Galaxy Note 10.1, Galaxy Tab 2 and several Galaxy Player models. Nessus 10 is not harmed by the exploit since it has an Exynos 5 processor and not 4.
“Ram dump, kernel code injection and others could be possible via app installation from Play Store. It certainly exists many ways to do that but Samsung give an easy way to exploit. This security hole is dangerous and expose phone to malicious apps. Exploitation with native C and JNI could be easily feasible.” alephzain said on the forum.
Another member from xda developers by the name ‘Chainfire’ has made an application named ExynosAbuse APK that allows disabling the exploit. The drawback of beating the exploit through this app makes the camera nonfunctional and most of the users do not want to danger the camera operation. He says it is best until the respective developers come up with a solution since his app is only a workaround and not a permanent fix.
Samsung was not available for comment but had been made aware by Chainfire by flagging his post to its engineers. When you install an app to the Android device make sure it is downloaded from Google play rather from a third party source and also scan the app using antivirus software.