Samsung devices allegedly have a backdoor for remote access: Here’s all you need to know

Samsung devices under threat? 
- Advertisement -


If you are a power Android user, chances are you have heard of Replicant, the Android fork that is built with security and encryption at its heart. On Wednesday, its developers published a shocking report that said Samsung’s Galaxy S3, Note 2, and other devices have a backdoor that could give anyone remote access to data stored on the devices, and also cause mischief. The full list also includes the Nexus S and the Galaxy Nexus smartphones, along with the Galaxy S2, Galaxy Note and the two Galaxy Tab slates.

In a published proof-of-concept (POC), Replicant said the code controls the baseband or modem processors of these devices allowing anyone with the right tools to remotely read, write, or modify users’ files. They could theoretically listen in on all your calls, read your messages before they come to you and even force your phone to make calls. This is no doubt a serious allegation and one that could wreck Samsung’s reputation.

“Provided that the modem runs proprietary software and can be remotely controlled, that backdoor provides remote access to the phone’s data, even in the case where the modem is isolated and cannot access the storage directly,” said Paul Kocialkowski of the Free Software Foundation (FSF), which reported the finding. He then went on to rail against proprietary software, before plugging Replicant. “Our free replacement for that non-free program does not implement this backdoor. If the modem asks to read or write files, Replicant does not cooperate with it,” he said.

The Replicant plug seems tasteless given the issue at hand, and some experts say FSF’s reputation of being anti-proprietary software has influenced the maginitude of their claims.

Azimuth Security’s senior researcher Dan Rosenberg told Ars Technica that these claims are a bit far-fetched. Debunking FSF’s report, Rosenberg was quoted as saying. “There is virtually no evidence for the ability to remotely execute this functionality.”  He said the proprietary protocol implemented by Samsung is intended to allow communication between the baseband and the application processor, allowing the former to read and write files on the latter, in case of fixing problems with the modem. “However, the authors provide no evidence of such a “remote control” mechanism. The FSF has a known agenda against proprietary software, and I think that agenda resulted in them creating a narrative that would cause perhaps more outrage than is warranted,” he said.

He also said that the amount of data that can be read or written to by this functionality is limited, allowing only access to radio functionality, plus information stored on the SD card. The reason the possibility exists is “to allow the modem to write diagnostic files to Android storage in order to assist with identifying and fixing problems with the modem,” he said. But this doesn’t mean there’s a way a remote attacker could access the same. Even Replicant says that the SELinux module, introduced since Android 4.2 and fortified with ‘Enforcing’ state in Android 4.4, restricts the modem’s access to certain files, including those on the internal SD card. So it would not be of much use to any potential attacker.

Another security expert told XDA Developers on the condition of anonymity that “the way in which the proof-of-concept attack was framed by the Replicant team was a bit misleading.” The source said that if a user is running an updated version of the official firmware, which is the case for high-end devices with the latest software patches, this attack will not work.

We are yet to hear Samsung’s response to these allegations, and with experts picking out the holes in Replicant’s POC, there’s no reason yet to ditch your Galaxy device.

- Advertisement -

Related Articles

What is SLED, how realme gave TV industries a new look with the help of this technology?

Realme has also made a strong place in the TV segment after smartphones. The company has used SLED technology in its TV segment which...

PUBG Mobile will not return to India, PUBG Mobile Ban in India Permanent for now

PUBG News: Several Chinese apps were banned by the Indian government, including the popular Battle Royal game PUBG Mobile. The game had a large...

Samsung Galaxy A42 5G may be launch with the latest Snapdragon 750G processor, the report reveals

Samsung's upcoming smartphone Samsung Galaxy A42 5G has been in the discussion for a long time. Recently...

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay Connected

43,178FansLike
535FollowersFollow
45,700SubscribersSubscribe

Latest Articles

What is SLED, how realme gave TV industries a new look with the help of this technology?

Realme has also made a strong place in the TV segment after smartphones. The company has used SLED technology in its TV segment which...

PUBG Mobile will not return to India, PUBG Mobile Ban in India Permanent for now

PUBG News: Several Chinese apps were banned by the Indian government, including the popular Battle Royal game PUBG Mobile. The game had a large...

Samsung Galaxy A42 5G may be launch with the latest Snapdragon 750G processor, the report reveals

Samsung's upcoming smartphone Samsung Galaxy A42 5G has been in the discussion for a long time. Recently...

How To Protect Your Smartphone From Hackers, then follow these Tips

protect your smartphone from hackers: Smartphone usage has increased sharply in the Corona era, so hacking cases...

Vivo launched its first Smartwatch Vivo Watch equipped with a heart rate and blood oxygen sensor

Vivo has launched its first smartwatch Vivo Watch. This latest smartwatch has been made available in 42mm...