Samsung Galaxy S3, Galaxy Note 2 security fix in the works

Samsung has confirmed it is working on a fix for the security hole in its Enynos-powered devices, but has downplayed the severity of the memory-access glitch

20 Dec 2012
Samsung Galaxy S III

Samsung has responded to reports that its Exynos 4-based products, including the Galaxy S3 and Galaxy Note 2, contain a serious security flaw that allows an attacker complete control over the device, admitting that the issue exists and promising a fix as soon as possible.

The flaw, which is present in all known Exynos 4-based devices in the Galaxy family, allows an attacker full read and write access to the smartphone or tablet's memory - giving complete control over the device in question. As well as being able to modify running applications or install unauthorised software, the flaw allows an attacker to access usernames and passwords, monitor voice and data traffic, and even to activate microphones and cameras for remote spying.

While Samsung has admitted that the flaw exists, the company claims it's not as serious as the security community is making out. "The issue may arise only when a malicious application is operated on the affected devices," a company spokesman pointed out in a statement to press late last night. "This does not affect most devices operating credible and authenticated applications."

Despite this, Samsung claims to be taking the problem seriously and is working on a fix to address the issue. Although third-party patches exist to resolve the problem, these require a phone running unofficial software - a process known as 'rooting' in the Android community - and can cause problems with using the camera application, which is tied into the memory access enabled by the security flaw.

Sadly, Samsung has not offered a timescale for fixing the issue, stating only that it will "monitor the situation until the software fix has been made available to all affected mobile devices."

Read more