Due to the open-source nature of Android, maintaining its security is an ongoing and trying task, but while there are plenty of scam-artists creating malicious software and trying to poke holes in various apps and services, there are still plenty of developers and security experts trying to stem the tide. The developer behind Replicant, which provides free, open-source alternatives to proprietary Android systems (read: OpenOffice-like, but for Android), has discovered a flaw in certain Galaxy devices that could potentially allow an intruder to remotely “read, write, and delete files on the phone’s storage.”
Disconcertingly, the security hole supposedly allows an attacker not only to access a user’s personal data, but to modify it as well, so after grabbing hold of potentially sensitive information, an unscrupulous individual could also go ahead and delete or rename it. Worse, since the bug enables an attacker to write information, there’s nothing to stop a covert listening app from being placed on the device to log further information, and the potential implications of this alleged breach don’t make for happy reading.
The issue stems from the fact that mobile devices use more than one processor. Apps run on one of these processors, while communications are handled by an entirely separate one. But the communications processor, or baseband processor, as it is known, is a disaster waiting to happen in some Galaxy devices because it runs Samsung’s own proprietary software, which is, according to Replicant, susceptible to back door exploitation.
There is no proof of concept attached to these claims, and since Replicant also noted in a blog post that one of its own free alternatives would fix the issue, this may be a not-so-thinly-veiled measure to attract more users.
A range of Samsung-manufactured devices, including the Nexus S, Galaxy S, S2, and S3, are all said to be affected, as well as the likes of the Galaxy Tab 2 10.1. Samsung has yet to comment on the issue, but will hopefully release some kind of reassuring statement in the near future.
We’ll be sure to update you with any official word, as well as any remedial software update, so stay tuned to our coverage here at Redmond Pie.