Developers of Replicant, an open source variant of Android, claim to have identified a security flaw in some Samsung Galaxy Android-based devices that could allow for remote access to user data.
Replicant developer Paul Kocialkowski blogged last week that a baseband processor in certain Galaxy devices can be “remotely controlled, provides remote access to the phone’s data.” The backdoor provides that access even in the case where the modem is isolated and cannot access the storage directly.
The vulnerability is created by proprietary software used for communications with a radio modem, using the Samsung IPC protocol that implements a class of requests known as RFS commands. These allow the modem to perform remote I/O operations on the phone’s storage. Hackers could potentially use these commands to gain remote access to user files on the device.
According to Replicant, nine different types of Samsung devices have so far been identified with the vulnerability: the Nexus S, Galaxy S, Galaxy S 2, Galaxy Note, Galaxy Nexus, Galaxy Tab 2 7.0, Galaxy Tab 2 10.1, Galaxy S 3, and Galaxy Note 2.