The usual suspects from over at the XDA Developers Forum have found a flaw that affects a bunch of Samsung handsets. The flaw supposedly would allow attackers to enjoy unauthorized access to target devices.
“Alephzain” – the member of XDA is the one who has claimed to find the flaw and stated; “The security hole is in kernel, exactly with the device /dev/exynos-mem.”
For those of you who are unaware, Exynos is the name of the ARM based System on Chip (SoC) that Samsung extensively uses on many of its high end devices.
Alephzain adds; “The good news is we can easily obtain root on these devices and the bad is there is no control over it.Ram dump, kernel code injection and others could be possible via app installation from Play Store. It certainly exists many ways to do that but Samsung give an easy way to exploit. This security hole is dangerous and expose phone to malicious apps. Exploitation with native C and JNI could be easily feasible.”
Other knowledgeable members of the forum too have chipped in and have also provided an exploit for the flaw and has warned that using it, any application installed on the phone can use it to gain root without asking – and also without any permissions on a vulnerable device. The XDA community is also hoping for some fixes to be provided by Samsung to patch the security hole.