Samsung confirms: Millions of Android phones -- including the Galaxy S III -- vulnerable to hack

Samsung acknowledged today that the CPU used in many of its phones, including the massively popular Galaxy S III, is vulnerable to a hack that can give attackers full access to your phone.

The vulnerability was discovered about a week ago by a security researcher named “alephzain,” who posted an overview of the exploit on XDA-Developers. Essentially, malicious code from shady applications can use a security hole in a phone’s source code to gain control of anything in physical memory … and thereby install apps, backdoors, or simply read your personal data.

Unfortunately, “alephzain” also posted working sample source code before informing Samsung … meaning that the bad guys could already have made apps to attack your Samsung phone.

In its statement, Samsung says it is working on patching the hole as soon as possible:

AI Weekly

The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.

Included with VentureBeat Insider and VentureBeat VIP memberships.

Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.

The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications.

Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices.

This is not a vulnerability in the Android operating system as created by Google per se. The vulnerable portion is the kernel — the base level of an operating system — and Samsung has modified the Android kernel to run on its proprietary Exynos processor. Those modifications contain the unsafe code that enables the security breach.

If you’re concerned about your phone being vulnerable, there are a number of things you can do:

Don’t download any apps until Samsung releases a fix
Or, only download apps from known good sources (e.g., Google Play)
Even at Google Play, only download apps that are from known and verified publishers
Or, if you must, install an instant fix (which may have some negative effects on your phone’s functioning).

photo credit: vernieman via photopin cc

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More