Samsung Galaxy backdoor discovered by developer

News 13 Mar, 2014

Vulnerability allows for remote read/write capabilities.

An Android developer has discovered a backdoor in a number of Samsung Galaxy smartphones that could enable remote wiping.

According to Paul Kocialkowski, who detailed his discovery in a guest post on the Free Software Foundation blog, modern smartphones have two processors: one running the main operating system – in this case, Android – while the other, known as the modem, baseband or radio, is in charge of communications with the mobile telephony network.

“This [second] processor always runs a proprietary operating system,” he said.

“These systems are known to have backdoors that make it possible to remotely convert the modem into a remote spying device,” he claimed.

Kocialkowski said this can involve the device’s microphone, GPS locator, camera, and/or data stored on the phone.

He claimed while working on Replicant, a fully free version of Android, he and his team discovered the Samsung programme running on the applications processor in charge of handling the communication protocol.

“[It] actually implements a backdoor that lets the modem perform remote file I/O operations on the file system,” said Kocialkowski.

“This programme is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write, and delete files on the phone’s storage ... [and] runs with sufficient rights to access and modify the user’s personal data,” he claimed.

Replicant has consequently published a patch that replaces the Samsung-RIL library, which, it is claimed, closes the backdoor. More information on the backdoor and access to the patch are available at the Replicant wiki.