A vulnerability has been revealed to affect Samsung smartphones that could allow an attacker to gain administrative access to the devices through any application.
Posting on the XDA Developers forum, ‘Alephzain' published details about the flaw that described the security hole that lies within a Samsung headset kernel and affects all devices that run using the Exynos 4210 and 4412 processor.
Affected devices include the Samsung Galaxy Note 2, Galaxy S3, Galaxy S2, Meizu MX – and potentially other Samsung products.
This would allow access to all physical memory on the device and in the worst-case scenario, it to be stolen or erased by an attacker who uses an app to exploit the flaw, according to Alephzain.
They said: “The good news is we can easily obtain root [access] on these devices, and the bad is there is no control over it.”
So far, the flaw doesn't appear to have been publicly exploited. On Monday, Joseph Hindy, another member of the developer forum, published additional details about the vulnerability.
Hindy said: “Essentially, this exploit can be used to root any device with the aforementioned processors. What's more, this method wouldn't require an Odin flash like most current root methods.
“However, this exploit could be dangerous. Not only could be used to acquire root access, but for malicious applications as well. So developers will have a fun time helping to fix the issues while using the exploit for root.”
A spokesman for Samsung told SC Magazine US that the company was "currently in the process of conducting an internal review"' on the issue.
Trend Micro technical communications expert Jonathan Leopando said: “It is possible that any device running an Exynos SoC and running newer versions of Android (Ice Cream Sandwich or later) could be at risk. Earlier versions of Android did not have the kernel device which was called in newer versions, so they are not at risk from this issue.
“As a practical matter, there are no good steps users can take to mitigate this threat. It is possible to download apps that disable access to system memory, but this also breaks key functions such as the phone's camera. It is up to Samsung to patch this threat permanently.”