Samsung's most popular mobiles could be vulnerable to app-based attacks, a developer says, thanks to a security wobble in Samsung's own-brand Exynos 4 processor.
XDA Developers member alephzain says they discovered the potentially damaging problem when investigating new ways to root the Samsung Galaxy S3. The vulnerability lies within Samsung's Exynos 4 chip, and means any app could -- in theory -- extract data from a phone's RAM or shoot a jet of molten malicious code directly into the kernel.
"RAM dump, kernel code injection and others could be possible via app installation from Play Store," alephzain writes. The Galaxy S2 and Galaxy Note 2 could also play host to the same security hole.
"The good news is we can easily obtain root on these devices," the original post reads, "and the bad is there is no control over it."
It seems users have been able to plug the hole with some industrious tinkering, though adjusting the smart phone's code appears to be disabling the S3's camera. I've contacted Samsung about the reported vulnerability and I'll update this story if I hear back.
Update: Samsung has been in touch to say, "We are currently in the process of conducting an internal review."
Issues in code are to be expected, but it's up to manufacturers to make sure their gadgets don't leave customers exposed. If something in Samsung's code really opens the possibility that smart phone owners could have their mobiles meddled with, here's hoping it gets patched quickly.
Are you using one of Samsung's smart phones? What do you think of it? Tell me in the comments or on our Facebook wall.


Comments 19
anonymous 17 December, 2012 13:03
Wintel machines must have had over a million patches over the years, but that did not stop wintel from selling a gazillion units.
It is quite clear that this is a lame attempt to bad mouth Samsung Galaxy and Note handsets.
Doesn't matter. People will be buying a gazillion units and ignore silly articles like this.
damien2501 17 December, 2012 16:07
Bring on the touchy fanboys
anonymous 17 December, 2012 17:32
Samsung have no vested interest in keeping out these problems.
Their priority will be to move on to the next line of new models, when they will dump support for the current line-up.
bijuvarghese 17 December, 2012 18:37
I have Samsung Galaxy S3, now my Galaxy back cover is broken
anonymous 17 December, 2012 18:40
WTF WHO CARES SAMSUNG IS THE BEST!! THEY MAKE THE BEST PHONES!!! APPLE SUCKS!!!!!!!!!!!!!!!! THEY MAKE BABY PHONES!
anonymous 17 December, 2012 18:57
@bijuvarghese don't break it then
And here's the proof that Damien 2501 is a true Samsung hater and has got nothing better to do than to go on to articles he has no interest in and write comments lol hahahahaha
CaptainPicard 17 December, 2012 19:06
This is not a huge issue for the vast majority of Droid owners or Samsung mobile owners. Despite some people's perceptions, not all apps on Google Play are dodgy or fake or a virus. The major apps, the top downloads paid and free, won't do the stuff the article above says because millions of people use those apps and are constantly being monitored by developers and tech sites. As for the other apps only a person who is new to Android or an idiot will download an app without reading the reviews or without checking how many people downloaded it first.
CaptainPicard 17 December, 2012 19:18
And if you have a problem with your imaginary S3 contact Samsung or someone who cares instead of telling people on here. There is no way we can verify what phone people on this page have unless CNET introduces a system like Google Play which states which device people are using.
Loadit 17 December, 2012 20:18
@ bijuvarghese
You must have been holding it wrong.
anonymous 18 December, 2012 02:00
@CaptainPicard 17 December, 2012 19:06
"As for the other apps only a person who is new to Android or an idiot will download an app without reading the reviews or without checking how many people downloaded it first".
Unfortunately many don't heed that sound advice.
Hence the tens of thousands of malicious apps out there.
The Bad Guys are getting plenty of success; so much so that they've turned most of their efforts towards the Android platform. Which is a great shame and something has to be done about it.
anonymous 18 December, 2012 06:55
And Bluetooth low energy also does not work on the S3
CaptainPicard 18 December, 2012 09:45
@anon 2:00 Yeah I agree something has to be done about it but it hasn't stopped Android from growing. So it's not as bad as some people believe it to be.
anonymous 18 December, 2012 10:35
@damien2501
But you are already here (such a fanboy troll)
Malware is easily avoided by using common sense and something free like AVG (also it's good if you lose your phone)
anonymous 18 December, 2012 21:54
@CaptainPicard 18 December, 2012 09:45
" I agree something has to be done about it but it hasn't stopped Android from growing."
Well no. Android is growing not out of choice for any operating system, but because it's the OS on the vast majority of low priced and mid priced phones.
The vast majority of people are choosing a phone, mostly oblivious to what OS it runs. That applies to the iPhone too. Ignorance about OS's extends to blind ignorance about the risks of Malware as well.
CaptainPicard 20 December, 2012 00:20
Isn't it on the vast majority of lower end phones because people want it? There are/were other OS's out there like Bada, Symbian and BlackBerry OS but they don't offer what Android offers. Plus, people with lower end Droids are safer and don't have to worry as much as those with higher end ones because they can't download sophisticated banking apps and probably won't have got their handset on contract, which makes fraud less likely and if they get a virus they won't lose as much money, because they didn't spend a fortune on their phones.
anonymous 20 December, 2012 12:28
@CaptainPicard 20 December, 2012 00:20
Sorry to burst your bubble. I work in the industry and with my colleagues sell a couple of hundred contracts and PAYG phones every week.
In the overwhelming majority of cases people are buying phones not OS's.
At the more expensive end the Galaxy S3 and Galaxy Note 2 get prominent place in the store with not one, but two stands. People looking at these have often seen a friend's phone and rather fancy the big screen and features. There’s no doubt that the product has “shelf appeal” and is presented and promoted accordingly.
The fact that it runs on the Android OS is normally of no more consequence than if it ran on the Bread and Butter pudding OS or whatever. It’s the phone they are interested in.
Popular questions include does it do email, does it do Facebook? etc. ...and how much will it cost. Rarely do I get asked about the OS, but when they do it’s usually with some doubt about Android. Is it OK? Is it as good as the iPhone etc. Naturally I reassure them that it’s just as good or better (we have to lay that on a bit thick though to get the sale) and it will be fine.
When it comes to the cheaper offerings, we have a large range of different phone models from various manufacturers. We “push” certain brands on certain contracts.
The choice is usually Android, Android or Android, but we still see interest in Blackberry although that continues to diminish.
The emphasis here is normally on the phone itself and how much will it cost (contract or PAYG). The OS is of no consequence, but there are still a lot of people who say they can’t afford an iPhone, or there are school kids who wanted either an iPhone or top end Android, but Mum and Dad will (sensibly) not spend that sort of money on them, so it’s Android or lump it, although that thinking about the OS is normally completely absent.
So the point is, if you think the popularity of smartphones running the Android OS is down to people choosing that OS over another, then nothing could be further from the truth.
The primary choices are over the phone itself, what it will cost, incentives and special deals and what sort of contract or PAYG deal.
I hope that clears that up for you?
CaptainPicard 20 December, 2012 15:46
^Well everyone I know, which isn't a significant percent of the population, bought their phone because of the numerous factors but also because of the OS.
And oh, now you mention you work in the industry? Could you prove that?? Maybe in your imaginary world. So many people on this page say they got an iPhone or an S3 and make up some remark about it, in your case it's an imaginary job.
anonymous 24 December, 2012 03:53
Well that's that then. I will return my GS3, sue Samsung over this atrocious security flaw, demand the resignation of its CEO and live in a cave for the rest of my existence.
Bipin Thumar 28 January, 2013 10:44
I have a Samsung Galaxy S3 and am using software version 4.1.1.
My problem is: I put my phone on charge and, after the battery was full, I see a blue blinking light but the display is not on.
After that I removed the battery and started it again, but it has not restarted.
It’s totally dead.
Please give me a solution if anyone has one….