Security-hole in Exynos 4 kernel, Samsung Galaxy high-end smartphones highly vulnerable to the affect
Samsung earn high sales with all high-end Galaxy series smartphones due to powerful Exynos chips (4210 and 4412) but recent report came with a shock for all the Samsung’s Galaxy series high-end smartphone users in the world. The list of devices which are highly vulnerable to the attack includes Samsung Galaxy S II, Samsung Galaxy S III, Samsung Galaxy Note Samsung Galaxy Note 10.1 and the latest Samsung Galaxy Note II. The list of devices also includes devices manufactured by Meizu, Lenovo and several other regional manufacturers.
According to XDA forum member alephzain, all Samsung Exynos powered devices are affected by the security hole in kernel which easily root any device and even an application can completely access the RAM. Developers can also easily modify the kernel without any effort which results access to any physical memory and more worst, after getting superuser grant, anyone can access various camera and graphic inputs of the devices. The hole actually grants to access /dev/exynos-mem which stores several important and unexposed information of the Exynos based device.
The security hole found in Eynos 4 kernel can dump the RAM and perform kernel code injection just even by installing an app from Google Play Store. Although, Google always try to eliminate all the malicious apps from the Play Store but of course devices based on the Exynos 4 series chips are highly vulnerable to any security attack.
Taking technical part aside, actually the attack is a security hole in the kernel for Exynos 4210 and 4412 which give access to any app to use any read/write permissions without informing the end-user and even more, any app can easily access the root files, modifies data recorded on RAM and use any graphic input source as camera, graphic memory allocation and HDMI port without any permission by the end-user.
As far now, there is no official statement issued by Samsung regarding the security hole but of course developers started working on initial patches to overcome the loop-hole in the security. Many initial patches are now available to download but these patches required root access so we are not advice our readers to use such patches and wait for some official words on the matter. In case you still want to take try on the patches then visit Project Voodoo website for a fix without rooting the device.