Developers at the XDA Developers forum have discovered a vulnerability in Android devices using the Exynos family of System-on-Chip (SoC) processors. Our researchers have independently verified the vulnerability and, as a result, we have released the relevant protection for Trend Micro Mobile Security users.
The vulnerability allows any installed app to access the entirety of the phone’s memory. An attacker could trivially use this vulnerability to gain root access, thereby gaining complete control over the device. Potentially, this is as serious as a remote code execution vulnerability on Windows.
The underlying cause is that Samsung’s memory device driver has no protection, leaving it open to every installed app with default privileges. As a result, any process can read and write the whole of system memory, which may compromise the device.
Currently, the following devices and their variants are known to be vulnerable to this problem:
- Samsung Galaxy Note
- Samsung Galaxy Note 2
- Samsung Galaxy Note 10.1
- Samsung Galaxy S2
- Samsung Galaxy S3
- Samsung Galaxy Tab Plus
However, it is possible that any device with an Exynos SoC that runs a newer version of Android (Ice Cream Sandwich or later) could be at risk. (Earlier versions of Android did not have the kernel device that newer versions call, so they are not at risk from this issue.)
As a practical matter, there are no good steps users can take to mitigate this threat. (It is possible to download apps that disable access to system memory, but this also breaks key functions like the phone’s camera.) It is up to Samsung to patch this threat permanently.
In the meantime, we have released a pattern which will detect apps that attempt to exploit this vulnerability. Users whose devices have Trend Micro Mobile Security are encouraged to update their devices with the latest pattern for protection until the vulnerability is fixed.