The developers of the Replicant OS have uncovered a backdoor, pre-installed on Samsung Galaxy devices and the Nexus S, that provides remote access to all the data on the device.
Replicant OS is an open source operating system based on the Android mobile platform, which aims to replace all proprietary Android components with their free software counterparts.
In a blog post, the researcher explained that smartphones come with two separate processors: a general-purpose applications processor that runs the Android OS, and a second one, known as the modem, responsible for communications with the mobile telephony network.
The researcher found that Samsung’s IPC protocol, which runs in the background and is bound to the communications processor, allows the modem to remotely read, write, and delete files on the user’s phone storage. The Samsung IPC protocol implements a class of requests, known as RFS commands, that allows the modem to perform remote I/O operations on the phone’s storage.
“The spying can involve activating the device’s microphone, but it could also use the precise GPS location of the device and access the camera, as well as the user data stored on the phone. Moreover, modems are connected most of the time to the operator’s network, making the backdoor nearly always accessible.”
This backdoor might have been placed there accidentally, but the ability to remotely modify the user’s personal data without the user’s knowledge poses a serious threat.
“It is possible to build a device that isolates the modem from the rest of the phone, so it can’t mess with the main processor or access other components such as the camera or the GPS.”
The researcher identified multiple Samsung devices affected by this vulnerability, including the Nexus S, Galaxy S, Galaxy S2, Galaxy Note, Galaxy Tab 2, Galaxy S 3, and Galaxy Note 2.
“The incriminated RFS messages of the Samsung IPC protocol were not found to have any particular legitimacy nor relevant use-case. However, it is possible that these were added for legitimate purposes, without the intent of doing harm by providing a backdoor,” he said.
“However, some RFS messages of the Samsung IPC protocol are legitimate (IPC_RFS_NV_READ_ITEM and IPC_RFS_NV_WRITE_ITEM) as they target a very precise file, known as the modem’s NV data,” he added.
If you want to fix the backdoor, the Replicant team has published a security patch for your Samsung smartphone, which is a replacement for the Samsung-RIL library.