That's the word from Replicant, a company that makes its own Android software based the concept of replacing proprietary components with free software. March 13, 2014 6:04 AM PDT The Samsung Galaxy Tab 2 10.1 -- one of the allegedly affected devices. (Credit: Josh Miller/CNET) Samsung's Galaxy devices might have a built-in security flaw that could allow for "remote access to data," a developer claims. The folks behind Replicant, a free and open source Android distribution that attempts to replace proprietary Android components with free alternatives, claim to have discovered a flaw in certain Samsung devices that allows for access "to read, write, and delete files on the phone's storage." In addition, the developers say that the flaw has "sufficient rights to access and modify the user's personal data." The trouble, the developers claim resides in the use of two processors in mobile devices. The applications processor runs the main operating system, while another, baseband processor, is used to handle communications to and from the device. The issue with the baseband processor in Samsung's devices, Replicant argues, is that it's using a proprietary Samsung software to handle all the communication. And that software allows for a backdoor to user data, the developers argue. "Provided that the modem runs proprietary software and can be remotely controlled, that backdoor provides remote access to the phone's data, even in the case where the modem is isolated and cannot access the storage directly," Replicant wrote in a blog post on Thursday. Although Replicant said that the software could potentially access user data, it appears that it's doing nothing wrong. In fact, the company wrote that there are some features in the software that are "legitimate." According to Replicant, the Nexus S, Galaxy S, S2, and S3, and Galaxy Tab 2 10.1, among other Samsung devices, are affected by the issue. One other note: Replicant's announcement might also be somewhat self-serving: the company said in a blog post that its free alternative would mitigate the issue. CNET has contacted Samsung for comment on the report. We will update this story when we have more information.
That's the word from Replicant, a company that makes its own Android software based the concept of replacing proprietary components with free software.
The Samsung Galaxy Tab 2 10.1 -- one of the allegedly affected devices.
(Credit: Josh Miller/CNET)
Samsung's Galaxy devices might have a built-in security flaw that could allow for "remote access to data," a developer claims.
The folks behind Replicant, a free and open source Android distribution that attempts to replace proprietary Android components with free alternatives, claim to have discovered a flaw in certain Samsung devices that allows for access "to read, write, and delete files on the phone's storage." In addition, the developers say that the flaw has "sufficient rights to access and modify the user's personal data."
The trouble, the developers claim resides in the use of two processors in mobile devices. The applications processor runs the main operating system, while another, baseband processor, is used to handle communications to and from the device. The issue with the baseband processor in Samsung's devices, Replicant argues, is that it's using a proprietary Samsung software to handle all the communication. And that software allows for a backdoor to user data, the developers argue.
"Provided that the modem runs proprietary software and can be remotely controlled, that backdoor provides remote access to the phone's data, even in the case where the modem is isolated and cannot access the storage directly," Replicant wrote in a blog post on Thursday.
Although Replicant said that the software could potentially access user data, it appears that it's doing nothing wrong. In fact, the company wrote that there are some features in the software that are "legitimate."
According to Replicant, the Nexus S, Galaxy S, S2, and S3, and Galaxy Tab 2 10.1, among other Samsung devices, are affected by the issue. One other note: Replicant's announcement might also be somewhat self-serving: the company said in a blog post that its free alternative would mitigate the issue.
CNET has contacted Samsung for comment on the report. We will update this story when we have more information.
