Vulnerability Said To Leave Galaxy S III, Galaxy Note II Open To Malware, Samsung “Conducting Internal Review”

Thanks to XDA-Developer forum user alephzain, word is reaching the masses that a potential “severe vulnerability” exists in the Samsung Galaxy S III, Galaxy S II and Galaxy Note II along with several other Samsung devices. This vulnerability could provide a malicious way for remotely downloaded apps to read user data, brick phones and perform other malicious activities. In other words, this hole could allow a malicious app free reign over your smartphone’s memory, and basically take complete control of your device. Prepare tin foil hats.

“The good news is we can easily obtain root on these devices and the bad is there is no control over it,” alephzain writes.

Another XDA-Developer user, supercurio says Samsung has been notified of the security hole, but had not yet acknowledged the issue. That is until this morning when Samsung dropped word to Android Central that they are “currently in the process of conducting an internal review” in reference to the security hole. Supercurio says the potential exists for millions of devices to be in harms way, especially those with Exynos 4210 and 4412 processors that use Samsung code. Another XDA user, Entropy512 adds “this exploit changes things — there is a no root exploit that can be used by an app straight from the market, in the background, with little to no user intervention.”

At the time, we’d say go about your business and let Samsung do its thing and hope that this suspected security hole isn’t around for long.

Note: The Samsung Galaxy S III on T-Mobile uses a Qualcomm chip, so it won’t be affected, nor will the Galaxy S II, but the Note II does use an Exynos processor. 

XDA Developers via The Verge, Android Central

Tags: , , , , , ,

  • contriver87

    The T999 has a Snapdragon instead of an Exynos so it isn’t affected by this.

    • Jose Hernandez

      The T-Mobile version of the Galaxy S3 does have the Snapdragon, All of the US variants should have the Snapdragon chip. However, if anyone if the US got the international version of the S3 they need to know about this. Also the Note2, if I am not mistaken, has the Exynos chip. It is good to know either way.

      • contriver87

        The only phone model that T-Mobile sells that is affected is the Note 2. Additional international versions that are affected include the Galaxy S III, Galaxy S II, and Galaxy Note (1).

        • mingkee

          …and Galaxy Tab Plus will be affected as well.

  • auser72

    Samsung and every other major cellphone manufacturer needs to hire xda developers as consultants, if they hadn’t already.

    • sino8r

      Trust me… quite a few are, lol! Ever hear of Cyanogen ;)

  • od312

    It’s probably Apple behind this. Lol

    • mingkee

      It’s CPU design flaw and there’s nothing to do with any other manufacturer.

    • od312

      Joke. Geez

  • TexasGreat

    Yeah, but the slooooooooow process of receiving any udates/upgrades from T-Mobile kinda re-kindles my emotions! I purchased my GN2 on opening day, and it needed the 4.1.2 update right out of the box. Now months later, still no update, and some dev found and exploit. I wonder how long the “snails” at t-mobile will take on this one?

    • http://pharaohtechblog.blogspot.com/ Conan Kudo (ニール・ゴンパ)

      Once Samsung issues a fix, you can bet that T-Mobile will turn around and issue it right away. It’ll probably get packaged in with other fixes that are currently pending. I’m not worried about T-Mobile’s reaction time. I’m more worried about Samsung’s.

  • mingkee

    US variants of S3 should be fine because the CPU is Snapdragon.

  • sino8r

    For those with a Note 2, the guys at xda created an app to seal up the exploit. Go check it out of you’re paranoid or cautious user ;) The only drawback is it disables the camera but it can be turned on and off via app. I’m sure my fellow members are working on a better fix with no breakage at the moment.