Fearmongering 101: The Case of the Samsung Galaxy Backdoor Exploit

Yesterday, the Free Software Foundation published an article written by Paul Kocialkowski. A software developer for the Android fork Replicant, Paul stated that his organization discovered, and later patched, a "backdoor" vulnerability that existed in older Samsung Galaxy devices, including our beloved Galaxy S3s. Only problem is, it's kind of bullshit—but we'll get to that later.

The post detailed a program that runs on the device's radio (baseband + modem), potentially allowing for a backdoor that could read, write, and modify system files on the device's storage from the processor.

"We discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system."

The article went on to state that Replicant had found a way to close the backdoor, which required an installation of their open-sourced Android fork.

"Our free replacement for that non-free program does not implement this backdoor. If the modem asks to read or write files, Replicant does not cooperate with it."

Hmm...so the fix is to use their software, interesting.

Why It's Bullshit

The article and exploit have been effectively debunked, thanks to a tip to XDA from an anonymous security expert. Basically, making this backdoor actually work would "require a modified firmware with security features disabled".

This means that if you've accepted a firmware update in the last year, which you probably have, then you're safe. In addition to that, our devices now run SELinux (a security module in Linux kernels, i.e. Android), which all but closes the door on this type of potential attack.

Why Did They Do It

Replicant is a free, fully open-sourced Android distribution, or fork. As such, they take great strides in building ROMs that are indeed open, from their source code to their apps—so much so that they even substitute Google's proprietary apps with open source alternatives. While it may not be great for the average end user, open source apps have been steadily gaining ground, even if most of us will replace them with the more polished, closed-source versions. But the one area where open source stalls is proprietary device drivers, which cause headaches for devs trying to port things like Bluetooth and LTE functionality. Groups like CyanogenMod use general workarounds to make everything functional, but that's usually at the cost of stability, since OEMs like Samsung will just about always include proprietary code in basic functions.

A post like the one written by Paul is great in that it points out security flaws, but this case seemed quite self-serving. Not only did they tout their "fix" and their software, but by calling out Samsung, they hoped to make some waves within the consumer community. If we read the post and get angry enough, enraged emails and tweets to Samsung could elicit a response. But more than that, an uproar can cause the OEM to actually release their code, in this case for the modem/processor, which in turn makes forks like Replicant's much more stable, since they can infuse the original code from the manufacturer.

But in this case, I wouldn't count on it, or even a response from Samsung. The internet did its job, and we can rest assured that the hit in credibility to Replicant, as well as the Free Software Foundation, will hopefully curb this type of fearmongering sensationalism...hopefully.
Security concept image via Shutterstock


