Potentially Dangerous Root Exploit Found for Some Galaxy S3 and Galaxy Note 2 Devices

[SomeDudeAsking]

This security vulnerability is for some version models of the [international Samsung Galaxy S3] and some versions of the [Verizon / international Galaxy Note 2]. North American versions of the Galaxy S3 are not affected. It requires stock software. Custom ROMs should not be affected. North American versions of the Galaxy Note 2 are not affected at this time other than the Verizon version.

The original developers thread over at XDA where this was discovered is:

http://forum.xda-developers.com/showthread.php?t=2048511

If you want to root your affected device with this exploit, you can get instructions at:
http://forum.xda-developers.com/showthread.php?t=2050297


Here is some press coverage from TheVerge:

Serious vulnerability reportedly leaves Samsung Galaxy S III and other devices wide open to malware

User alephzain at xda-developers reported yesterday that they have identified a severe vulnerability in the Samsung Galaxy S III, Galaxy S II, Galaxy Note II, and potentially several other devices, that could give remotely downloaded apps the ability to read user data, brick phones, or perform other malicious activities. "The good news is we can easily obtain root on these devices and the bad is there is no control over it," alephzain writes. While many vulnerabilities that pop up require physical access to a phone, multiple developers indicate that this newly-identified issue is far more severe, since it could allow apps downloaded from the Google Play Store an easy way to exploit the devices.

According to xda-developers user supercurio, Samsung has been made aware of the security hole, but the company has not publicly acknowledged the issue. It's not clear what the risk is for users at this point — the vulnerability appears to only now be gaining publicity — but supercurio notes that "millions of vulnerable devices are out there now." (The vulnerability is suspected to potentially affect all devices with Exynos 4210 and 4412 processors that use Samsung code.) User Entropy512 adds that "this exploit changes things — there is a no root exploit that can be used by an app straight from the market, in the background, with little to no user intervention." We have reached out to Samsung for comment and will update you if the company responds.

http://www.theverge.com/2012/12/16/3773550/samsung-galaxy-s-iii-galaxy-note-ii-serious-vulnerability

This vulnerability requires you to download and run malicious apps onto your device to be affected.

 

[roxxette]

O M G !

 

[siiip5]

This vulnerability requires you to download and run malicious apps onto your device to be affected.

I think the whole article could be summed up with just this sentence. Or just one word: "Duh"

 

[munkery]

I think the whole article could be summed up with just this sentence. Or just one word: "Duh"

This is a privilege escalation bug that allows the installation of more malicious malware such as premium rate SMS and banking malware. These types of malware can't be installed without privilege escalation.

This exploit wouldn't be exploitable if Android used a Mandatory Access Control (MAC) based sandbox like the MAC sandbox used in iOS.

 

[Zwhaler]

SOunds like you'll be safe if you don't torrent apps, basically.

 

[blackhand1001]

SOunds like you'll be safe if you don't torrent apps, basically.

Pretty much. Android malware is such an overblown issue. This doesn't even effect the US version of the galaxy s3.

 

[munkery]

Pretty much. Android malware is such an overblown issue. This doesn't even effect the US version of the galaxy s3.

455 malicious apps found in Google Play this month.

These malicious apps included SMS and banking malware.

http://www.techweekeurope.co.uk/news/455-malicious-apps-google-play-102546