Samsung still needs to plug hole in Android devices - maringois1977

Samsung is apparently still working on an update for a software flaw that could allow attackers to siphon personal data from a phone.

The exposure affects Samsung's S II and S III phones and several models of its Galax demarcation, including the Note, Note II, Note Plus and Mark 10.1, all of which use the Peninsula company's Exynos 4210 and 4412 model processors.

The flaw and an exploit was disclosed in mid-December on XDA Developers, a forum for motile developers. Samsung's engineers apparently ready-made a poor conformation misapprehension involving the Mechanical man kernel and failed to bound kernel address space mapped to userspace via the /dev/exynos-mem device driver.

An practical application incorporating the exploit was created aside a developer nicknamed Chainfire on the meeting place.

Chainfire's application allows users to modify the phone to make the exploit ineffective, but the fix also disables a device's camera in much instances depending on the device's firmware version.

Chainfire warned that other application-based fixes that have been developed are seriously imperfect, so users should not depend along those to provide security until Samsung issues an update.

"The only true solution is a essence unsex that simply removes the exploitable memory device, but that requires a not-universal device update," Chainfire wrote.

Samsung downplayed the seriousness of the issue, saying in a statement that "the issue may arise only when a malicious lotion is operated on the affected devices; however, this does not affect almost devices operating credible and documented applications."

Samsung's devices can be updated over the air by operators, or users can do it with a background computer victimisation the company's Kies software package, according to a interpreter.

Play Store scans for hacks

Android applications submitted to Google's Play store are checked for malicious behavior, merely thither are many websites around the Internet offering Android applications, many of which aim to be a legalise but are really cattish software and could incorporate this exploit.

Since an exploit has been publicized, Trend Micro said that it is only a matter of time earlier hackers begin to use it.

Samsung aforesaid it "wish persist in to closely admonisher the situation until the software fix has been made available to all affected raisable devices." It did not specify when the deposit would be addressable.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk