{"id":2995,"date":"2014-03-18T10:00:18","date_gmt":"2014-03-18T14:00:18","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=2995"},"modified":"2020-02-26T18:58:21","modified_gmt":"2020-02-26T14:58:21","slug":"popular-samsung-devices-allegedly-contain-backdoor","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/popular-samsung-devices-allegedly-contain-backdoor\/2995\/","title":{"rendered":"Popular Samsung Devices Allegedly Contain Backdoor"},"content":{"rendered":"<p>A number of Samsung\u2019s popular Galaxy devices <a href=\"https:\/\/threatpost.com\/backdoor-in-samsung-galaxy-devices-could-give-attackers-remote-control\/104776\" target=\"_blank\" rel=\"noopener nofollow\">reportedly<\/a> contain an alleged <a href=\"https:\/\/www.kaspersky.com\/blog\/a-malware-classification\/\" target=\"_blank\" rel=\"noopener nofollow\">backdoor<\/a> that could give attackers remote control of vulnerable handsets, effectively turning successfully exploited phones into mobile spying machines.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/03\/05111142\/backdoor-1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-4108\" alt=\"backdoor\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/03\/05111142\/backdoor-1.jpg\" width=\"640\" height=\"480\"><\/a><\/p>\n<p>If that last sentence reads a bit reluctant, it\u2019s because there\u2019s been some dissent regarding whether or not Paul Kocialkowski\u2019s research constitutes a stand-alone-backdoor-vulnerability.<\/p>\n<p>The vulnerability is said to be present on \u201cmost proprietary Android systems\u201d (in other words, almost all the builds that are developed commercially). 
The Galaxy Nexus S, S2, S4, Note, Note 3, Nexus, both the seven-inch and 10.1-inch Tab 2, and the Note 2 are all among the devices containing the alleged backdoor.<\/p>\n<p>In quite simple and broad terms, these <a href=\"https:\/\/www.kaspersky.com\/blog\/galaxy-s5-nokia-x-and-everything-else-a-peek-into-the-mobile-industry-future\/\" target=\"_blank\" rel=\"noopener nofollow\">Samsung devices<\/a> have built-in modems that are capable of reading, writing, and deleting files stored on the phones afflicted by the bug. More specifically, the problem exists in something called \u201cAndroid\u2019s Radio Interface Layer.\u201d The program is a kind of modem driver installed on all of the above devices. As this radio is a program that runs on each smartphone\u2019s central processing unit, it\u2019s naturally able to read and write files stored on the device filesystem. Replicant developers discovered a set of commands that could be issued by a modem and executed by the driver in order to manipulate the filesystem.<\/p>\n<p>The researcher who discovered the issue \u2013 <a href=\"http:\/\/www.replicant.us\/2014\/03\/unveiling-the-samsung-galaxy-back-door\/\" target=\"_blank\" rel=\"noopener nofollow\">the developer of an open source Android distribution called Replicant<\/a> \u2013 was not certain whether this set of permissions was built into these devices intentionally or by mistake. 
Either way, he claims such an allowance is unacceptable.<\/p>\n<p>You may be asking yourself, \u201cSo the modem can read, write, and delete files, but how do I access the modem in order to perform these actions?\u201d And that is a very important question indeed \u2013 one that has been heavily discussed in the days following the initial reporting on this bug.<\/p>\n<p>As was noted by Azimuth Security researcher Dan Rosenberg in <a href=\"http:\/\/arstechnica.com\/security\/2014\/03\/virtually-no-evidence-for-claim-of-remote-backdoor-in-samsung-galaxy-phones\/\" target=\"_blank\" rel=\"noopener nofollow\">an Ars Technica article<\/a> published Thursday, the researchers claiming to have discovered the backdoor had to perform a separate <a href=\"https:\/\/www.kaspersky.com\/blog\/exploit\/\" target=\"_blank\" rel=\"noopener nofollow\">exploit<\/a> to compromise the Samsung devices\u2019 modems in the first place. Beyond that, he claims, the researchers fail to provide any real evidence that an attacker could execute the modem\u2019s functionalities remotely.<\/p>\n<p>Obviously Kocialkowski is making a serious allegation and Rosenberg has come along to claim the allegation is a bit of a reach. This is standard fare in the industry, particularly when the researcher who found the bug, which reportedly exists in \u201cmost proprietary Android systems,\u201d very conspicuously works on a pro-open-source project. In other words, there is more than a little conflict of interest at play here.<\/p>\n<p>Either way, backdoor vulnerability or not, the real problem for users of Google\u2019s mobile operating system has to do with Android\u2019s nearly non-existent security update and patching processes.<\/p>\n<p>Because Android is open-source, highly customizable, and installed on a wide array of different devices built by different companies, each smartphone manufacturer creates its own specific Android build to meet the needs of its particular devices. 
This reality has a number of ramifications.<\/p>\n<p>First and foremost, there is always the possibility that certain vulnerabilities will affect some Android builds and not others. Once a vulnerability is found and a patch is developed for it, the device manufacturers would have to create their own special and customized firmware update, making sure that the update is compatible with all the specialized software and hardware on the phone in question. After that, the carriers get to look at the update and make sure it won\u2019t negatively impact their networks as well. Once the carrier approves the patch or patches, it (the carrier) then has to push the fix to its users.<\/p>\n<p>Problematically, the carriers and the manufacturers take their sweet time testing these patches. Often, the end result of this system is that Android handsets just don\u2019t get patched. As a point of comparison, <a href=\"https:\/\/www.kaspersky.com\/blog\/critical-ios-macos-bug-can-expose-your-confidential-data-update-now\/\" target=\"_blank\" rel=\"noopener nofollow\">updates for Apple\u2019s iOS<\/a> come directly from their Cupertino, California headquarters to the phone in your pocket (or possibly to iTunes on the computer on your desk). 
Once Apple builds the patch, there is virtually nothing keeping them from shipping it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A number of Samsung\u2019s popular Galaxy devices reportedly contain an alleged backdoor that could give attackers remote control of vulnerable handsets, effectively turning successfully exploited phones into mobile spying machines.<\/p>\n","protected":false},"author":42,"featured_media":2996,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[538,440],"class_list":{"0":"post-2995","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-mobile-hacks","9":"tag-samsung"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/popular-samsung-devices-allegedly-contain-backdoor\/2995\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/popular-samsung-devices-allegedly-contain-backdoor\/3096\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/popular-samsung-devices-allegedly-contain-backdoor\/3392\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/popular-samsung-devices-allegedly-contain-backdoor\/3378\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/popular-samsung-devices-allegedly-contain-backdoor\/2989\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/mobile-hacks\/","name":"mobile 
hacks"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2995","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=2995"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2995\/revisions"}],"predecessor-version":[{"id":15740,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2995\/revisions\/15740"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/2996"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=2995"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=2995"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=2995"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}