Samsung Galaxy S3, Galaxy Note 2 and others hit by security flaw

Samsung's Galaxy S3 and Galaxy Note 2 smartphones, as well as all other Exynos 4-based devices, are vulnerable to serious malware attack

17 Dec 2012
Samsung Galaxy S III

Samsung's Galaxy S3 and Galaxy Note 2 smartphones have been revealed to suffer from a security flaw found in their Exynos ARM-based system-on-chip (SoC) processors, which could lead to users' personal data being exposed to malware.

First spotted by a user on the XDA Developers forums, the flaw affects all Android-based Samsung devices that use the Exynos 4210 and 4412 system-on-chip processor - including the Galaxy S2, Galaxy S3, Galaxy Note, Galaxy Note 2 and Galaxy Note 10.1, but not the cut-down Galaxy S3 Mini, which uses a different processor. The Samsung-manufactured Nexus 10 tablet, meanwhile, also escapes the bug as it uses the next-generation Exynos 5-series processor rather than the Exynos 4 family.

Currently, the flaw is not known to be exploited in the wild except for an application designed to allow users to 'root' their handsets - a process analogous to 'jailbreaking' an iPhone - without the need to connect the handset to a computer and use third-party software. The developer who discovered it, however, warns that it could be potentially serious: allowing full read/write access to the device's memory, the flaw allows malware to read personal details - including usernames and passwords - or patch itself into other applications, such as to record telephone calls or text messages. The vulnerability could even be used to trigger the device's microphone or camera remotely.

So far, there is no news of an official patch from Samsung, with some researchers releasing a third-party unofficial patch to work around the flaw.

Read more