Samsung Galaxy backdoor discovered that enables remote read/write access

One of the major issues with closed source operating systems is that there is no independent code review: you can never truly tell what is happening. A backdoor placed in a device, maliciously or otherwise, could give an attacker the power to wreak havoc on an unsuspecting victim.

Paul Kocialkowski, a developer for a fully free/open version of Android, published a guest post for the Free Software Foundation detailing his discovery of a backdoor implemented in a range of Samsung Galaxy devices. He describes finding a Samsung program running in the background, bound to the communications processor, that allows the modem to remotely read, write, and delete files on the user's phone storage. Several Samsung devices give that program sufficient rights to access and modify the user's personal data.

"Provided that the modem runs proprietary software and can be remotely controlled, that backdoor provides remote access to the phone's data, even in the case where the modem is isolated and cannot access the storage directly." - Kocialkowski

As always, some backdoors might have been placed there accidentally; however, the Replicant developers state in the technical description that they do not believe that to be the case. They comment that the incriminated parts "were not found to have any legitimacy nor relevant use-case." Even if the intent was not malicious, the result is the same: as of right now, a backdoor exists in the affected devices.

Replicant has published a patch which is a replacement for the Samsung-RIL library. You can view the full list of affected devices, technical details of the backdoor, and access the patch at the Replicant wiki.

This comes weeks after the discovery of an SSL/TLS flaw affecting iOS and OS X devices that caused invalid certificates to be accepted as valid in any program that depended on the built-in SSL libraries. Whether or not Samsung will respond to this backdoor as swiftly as Apple responded to its vulnerability, however, is yet to be seen.

Source: FSF

Following the lead of the FSF, Neowin would like to encourage all current and prospective Samsung Galaxy owners to appeal to Samsung for an explanation as to why such a backdoor exists.

65 Comments


I think it's safe to assume that the powers that be pretty much have some secret access to most things that are online in some form.
Simplest way out of this scenario though, if you're that worried, don't use a smartphone and change your PAYG sims frequently.

I really wish people would build something for the Samsung Axiom, my phone. No custom ROMs for it and I am stuck for another year in the contract. With all this said, maybe someone will program a patch for the Play store for all the Samsung variants in the Galaxy line which mine happens to be.

Tsk. When will manufacturers learn? Glad alternative firmwares are still a possibility. Crap software that can't be externally audited is not to be trusted, including their binary blob handling modem functions.

Her brain has neurons meant to be receptive to males irrespective of who they are. That is a type of backdoor my friend. Money might be used to help change her mind and threats of injury or destruction to something she holds close is another type of backdoor. Lmfao.

The brain has no firewall either. It's open to all sorts of attacks. Brain computer interfaces, microwaves/electromagnetism, imagery, sound, influences, drugs, psy-ops.

nullie said,
Her brain has neurons meant to be receptive to males irrespective of who they are. That is a type of backdoor my friend. Money might be used to help change her mind and threats of injury or destruction to something she holds close is another type of backdoor. Lmfao.

The brain has no firewall either. It's open to all sorts of attacks. Brain computer interfaces, microwaves/electromagnetism, imagery, sound, influences, drugs, psy-ops.

wot??

ZipZapRap said,

wot??

I was talking about mind control silly. So many flavors of it..

Edited by zhangm, Mar 13 2014, 3:17am :

She does have one but you need to spend more time locating the exploit that will allow you entry... I suggest the more wine and dak exploit I usually find this works well along with the program plenty lube V1.0

They should call this..

NSA_backdoor_trojan.

AMD processors were found to have similar vulnerabilities.

Masquerading as a debug mode, all hardware and thus software security features can be bypassed. Essentially allowing both stealth software operation, bypassing root and administrator authentication restrictions, and more. Intel is known to have similar functionality, but it's not publicly disclosed yet.. http://hardware.slashdot.org/s...ode-found-in-amd-processors
NSA compiled and uses all these exploits whether it was installed there for them or not.

Windows also has NSA_KEY installed and all vulnerabilities and the source code of Windows is turned over to the NSA before the things can be patched, allowing NSA to locate and exploit vulnerabilities for hacking us and everyone else.

RSA also put in exploits so SSL / Etc would be vulnerable to their attack, as the leaks indicated.

nullie said,
They should call this..

NSA_backdoor_trojan.

AMD processors were found to have similar vulnerabilities.

Masquerading as a debug mode, all hardware and thus software security features can be bypassed. Essentially allowing both stealth software operation, bypassing root and administrator authentication restrictions, and more. Intel is known to have similar functionality, but it's not publicly disclosed yet.. http://hardware.slashdot.org/s...ode-found-in-amd-processors
NSA compiled and uses all these exploits whether it was installed there for them or not.

Windows also has NSA_KEY installed and all vulnerabilities and the source code of Windows is turned over to the NSA before the things can be patched, allowing NSA to locate and exploit vulnerabilities for hacking us and everyone else.

RSA also put in exploits so SSL / Etc would be vulnerable to their attack, as the leaks indicated.

Really? Yet the only confirmed NSA-KEYs are *nix based, and more specifically BSD based.

How does this fit into your tinfoil world...
When Vista was demonstrated to the FBI and NSA, the US government threw a fit because they had NO WAY through Bitlocker, the new volume encryption technology.

recursive said,

Now you are portraying a feature of 'Trusting Computing' as a backdoor?

Holy Freaking wow...

Do you even understand what you are reading when you post links to this crap?

Do you understand what this feature is? (Obviously the article author and 'researcher' doesn't, but when it was refuted, hopefully it was explained with big crayons for them.)

This exists in any 'locked' device with trusted computing boot. It allows the owner, the OEM, or the OS to remotely 'lock' or 'erase' the device. (Which is required by law now in several places, especially on tablets and phones.)

If you think this is just a Microsoft or Apple feature, you might want to try installing Windows on a Chromebook, as they are one of the most locked down devices currently being sold - based directly off this technology.

Again, Holy freaking wow...


recursive said,
Holy freaking wow can you even read?

Chromebooks use it to verify the locally installed OS. Microsoft use it through Windows 8 to remotely access the computer, aka, backdoor.

http://www.testosteronepit.com...ities-not-to-use-windo.html


Uhm yes how else would you locate your surface or lumia if it's stolen or lost? Or how else would you remotely wipe the device?.....
Strange huh that MS has a way in their own products. I personally trust MS enough not to cock about on my 920 and PC. And in return if either ever gets stolen, I know where it is (or last was) and remotely wipe it the moment someone turns it on with some form of connectivity(can even be done through SMS for WP8... omg go write an article about this backdoor!?!?!)

Also you can disable this easily, be it through registry edits or group policies. It's just a feature. Disable it and "backdoors" are closed.

Mobius Enigma said,

Really? Yet the only confirmed NSA-KEYs are *nix based, and more specifically BSD based.

How does this fit into your tinfoil world...
When Vista was demonstrated to the FBI and NSA, the US government threw a fit because they had NO WAY through Bitlocker, the new volume encryption technology.

http://www.washingtonsblog.com...oor-in-windows-by-1999.html

NSAKEY has been installed in Windows since version 95.

RSA is also backdoor'd meaning all encrypted content in Windows is inherently insecure.

Microsoft also turns over all exploits to the NSA before patching so that the NSA can use these to exploit strategically before Microsoft patches anything. Furthermore, Windows source code is shared with the NSA.

If it was there or still there, the source is a 14-year-old document... In where nothing was really acknowledged.... then there would be more documents. Too many eyes are on Windows to get away with this unseen for 14+ years.

no there wouldn't be "more documents." in the 50+ years of the NSA, the only document leaker has been Edward Snowden.

there have been various whistleblowers, and none of them produced classified documentation.

documents are very rare to come by because that's a conviction guarantee. the other person to produce documents was a DOD employee, named Bradley Manning, who is now serving 10+ years for Cable gate.

Microsoft acknowledged the key's existence and they have lied about it being there for any harmful reasons. These comments from Microsoft are over a decade old, and considering what we know about the NSA having backdoors in every system today, we can pretty much deduce that this was part of a backdoor built into Windows with no legitimate purpose for the end-user, just like everyone was saying back in the 90s about this:

Microsoft denied the speculations on _NSAKEY. "This report is inaccurate and unfounded. The key in question is a Microsoft key. It is maintained and safeguarded by Microsoft, and we have not shared this key with the NSA or any other party."[3] Microsoft said that the key's symbol was "_NSAKEY" because the NSA is the technical review authority for U.S. export controls, and the key ensures compliance with U.S. export laws.[4]

From Wikipedia: http://en.wikipedia.org/wiki/NSAKEY

Edited by nullie, Mar 13 2014, 5:20pm :

Backdoor in RSA for NSA: http://it.slashdot.org/story/1...backdoor-a-proof-of-concept

https://freedom-to-tinker.com/...dermining-customers-crypto/

Backdoors in Dell, Cisco, HP, IBM, Western Digital, Maxtor, Seagate, Juniper, and more: http://hardware.slashdot.org/s...use-nsas-top-secret-catalog

NSA Tao hacking unit: http://www.spiegel.de/internat...obal-networks-a-940969.html

FBI has deals with NSA, can hack even your powered off phone and turn it into a recording device: http://www.washingtonsblog.com...from-government-spying.html

NSA's new plans to infect millions of computers with malware (same as their old plans, in fact.): https://firstlook.org/theinter...millions-computers-malware/

All you gotta do is install another copy of Microsoft Windows, and their Trojan replicates.

Hello,

This sounds more like the kind of feature used when debugging and testing a device. I'm surprised it was left in the production version of the products.

Regards,

Aryeh Goretsky

goretsky said,
Hello,

This sounds more like the kind of feature used when debugging and testing a device. I'm surprised it was left in the production version of the products.

Regards,

Aryeh Goretsky

You would be surprised (or maybe you wouldn't) how often 'debug' or related features make it into production products.

techbeck said,
There have been reported exploits on all platforms. Only thing that matters here is how fast it gets patched.
Have there been any on Windows Phone? I know there have been on iOS but I honestly don't on Windows Phone... as in, I've never seen any reported that I can recall.

MrHumpty said,
Have there been any on Windows Phone? I know there have been on iOS but I honestly don't on Windows Phone... as in, I've never seen any reported that I can recall.

Just the Samsung Ativ S. lol.

techbeck said,
WiFi exploit last year with WP 7.8 and WP 8

That was a man-in-the-middle attack on the PEAP-MS-CHAPv2 protocol.

Any device that implements that protocol would be vulnerable. It's not specific to Windows Phone.

The reports I read didn't even mention any other platforms. Just WP 7.8 and WP8. But that is not really the point. All platforms are open to attacks regardless if they are platform specific or not. I am sure issues will be found in WP later on. But like I said, who cares as long as they are addressed quickly. Things like this will happen.

techbeck said,
The reports I read didn't even mention any other platforms. Just WP 7.8 and WP8. But that is not really the point. All platforms are open to attacks regardless if they are platform specific or not. I am sure issues will be found in WP later on. But like I said, who cares as long as they are addressed quickly. Things like this will happen.

The reports you read? Have you found some underground anti-WP site that blames it for every external security flaw found in the world? Wow...

techbeck said,
The reports I read didn't even mention any other platforms. Just WP 7.8 and WP8. But that is not really the point. All platforms are open to attacks regardless if they are platform specific or not. I am sure issues will be found in WP later on. But like I said, who cares as long as they are addressed quickly. Things like this will happen.

That particular issue is by design of the protocol. To use it securely you have to verify the identity of the AP: http://technet.microsoft.com/en-us/security/advisory/2876146 Any platform that implements that authentication method (it's an MS protocol) would be affected if the configuration didn't first require validation of the AP.

So it's a feature, not a bug

Mobius Enigma said,

The reports you read? Have you found some underground anti-WP site that blames it for every external security flaw found in the world? Wow...

Yup, that is exactly what I found. You caught me...

Yep. You sound jealous my friend. I don't know what lag you're talking about, but my Galaxy S4 has no lag. I just tested it. I know you've never used an Android phone lately, but quit bein jelly. Hater.

Cool story. Your experience doesn't represent the rest of the world though.

If I had a Tesla car and it hasn't shot up in flames, it doesn't mean the problem doesn't exist.

Forjo said,
Another day, another non-Windows Phone exploit....

To be fair, the amount of time and effort it'd take to find and create a WP attack would have a much better ROI on Android or iOS.

So, thanks Android, you're effectively playing Tank for us

Side note: because of who uses BlackBerry, that's still a viable target, but not for mass attacks. If WP gets more business/enterprise acceptance, WP will likewise be worth attacking.

I don't think WP is invulnerable - just a poor target.

Chikairo said,

To be fair, the amount of time and effort it'd take to find and create a WP attack would have a much better ROI on Android or iOS.

So, thanks Android, you're effectively playing Tank for us

Side note: because of who uses BlackBerry, that's still a viable target, but not for mass attacks. If WP gets more business/enterprise acceptance, WP will likewise be worth attacking.

I don't think WP is invulnerable - just a poor target.

WP is not invulnerable, but in comparison to Android, it is Superman, and Android is Jimmy Olsen.

There is a vast and fundamental difference in the OS and App platform security models, so even if WP isn't a 'good' target, it doesn't mean that a non-kryptonite bullet can easily kill it.

A lot of OSes have gotten by through obscurity, but during the past 20 years Microsoft has taken one heck of a beating. They were not only targeted more, but were also subjected to every first and new security exploit concept devised.

WP is specifically designed by Microsoft with that history of security in mind. It has a very tight security App framework, sometimes to the detriment of its own success as developers can not write Apps that touch anything outside themselves.

When they created the framework, that was based off of .NET work, the team literally put security and stability first and is why they did NOT build off the WM framework or API sets.

Yes, and I'm very happy the source is open so people can contribute like this, rather than hearing people develop exploits to target closed-source systems.

Raa said,
Yes, and I'm very happy the source is open so people can contribute like this, rather than hearing people develop exploits to target closed-source systems.

I don't think the backdoor is open source...

And we're not hearing anything about people developing exploits to target Windows Phone... but on iPhone they are called 'jailbreaks' instead of '0-day exploits that allow arbitrary code execution'.

rfirth said,

I don't think the backdoor is open source...

And we're not hearing anything about people developing exploits to target Windows Phone... but on iPhone they are called 'jailbreaks' instead of '0-day exploits that allow arbitrary code execution'.

You can't compare iPhone jailbreaks to usable exploits. The iPhone jailbreaks are fairly complicated in the way they work and almost always require direct access to the phone. The only time there was an actual harmful exploit utilized by the jailbreak community was the "slide to jailbreak" method back in iOS 3.x (IIRC) that used an exploit in Safari's PDF rendering engine to execute arbitrary code.

Raa said,
Yes, and I'm very happy the source is open so people can contribute like this, rather than hearing people develop exploits to target closed-source systems.
Because people don't develop exploits to target open source systems.

abysal said,
Well to be fair only 5 people have a Windows phone, well that and all of Neowin I guess
1/3rd to 1/5th the user base of iPhones depending on the numbers I've seen. Obviously nobody is using it.

This type of thinking is what is really crazy about 'open source' security logic.

Just because the code is easy to read and 'more' people can contribute to tightening security, doesn't mean the best people are making it more secure.

Which would seem more secure...
1) Software written by five of the brightest security experts
2) Software written by 100 monkeys

The other false logic with 'open source' overlooked, is that because it is easily readable it is more vulnerable. All it takes is ONE person that is smarter than the person that wrote the final version of the code to find flaws in the code and circumvent it.


It is also a misconception that closed source software doesn't have as many 'eyes' or as much 'experience' on a project. If you take something like the NT kernel where you have maybe 5-10 of the brightest people actually writing code, you also have to realize that they are working from a security exploit 'dictionary' that was built by tens of thousands of highly qualified security experts and hackers.


rfirth said,

I don't think the backdoor is open source...

And we're not hearing anything about people developing exploits to target Windows Phone... but on iPhone they are called 'jailbreaks' instead of '0-day exploits that allow arbitrary code execution'.

You just proved his point. Samsung make Windows Phone devices too. How are you going to make sure they haven't slipped the same backdoor in them, and if so, who is going to patch it for you?

Mobius Enigma said,
This type of thinking is what is really crazy about 'open source' security logic.

Just because the code is easy to read and 'more' people can contribute to tightening security, doesn't mean the best people are making it more secure.

Which would seem more secure...
1) Software written by five of the brightest security experts
2) Software written by 100 monkeys

The other false logic with 'open source' overlooked, is that because it is easily readable it is more vulnerable. All it takes is ONE person that is smarter than the person that wrote the final version of the code to find flaws in the code and circumvent it.


It is also a misconception that closed source software doesn't have as many 'eyes' or as much 'experience' on a project. If you take something like the NT kernel where you have maybe 5-10 of the brightest people actually writing code, you also have to realize that they are working from a security exploit 'dictionary' that was built by tens of thousands of highly qualified security experts and hackers.


Assuming you are alluding to Windows with the 5 security experts, all that means is that the backdoors they put in are going to be that much more difficult for the monkeys (you and me) to find and close.

recursive said,

Assuming you are alluding to Windows with the 5 security experts, all that means is that the backdoors they put in are going to be that much more difficult for the monkeys (you and me) to find and close.

If you are paranoid enough to assume there are backdoors.

Windows has multi-nation security certification, that get to review the code. If for example there was an intentional NSA backdoor in Windows, no other country but the US would ever certify it for use.

With most OSS software, there doesn't have to be an intentional backdoor, as it is easily exploitable. When the NSA was demonstrating how they were accessing Google servers and internal network (something they have NOT been able to do at Microsoft), Google was shocked to see so many OSS code failures so 'elegantly' used by PEOPLE SMARTER than the coders that wrote the software.

Right now the NSA can background access and monitor, BlackBerry, iOS, and Android. They have yet to do this with WP8.

This is why it is freaking insane that people are so scared about security and backdoors and yet sit around with a phone that the video and voice and all text entry can be remotely monitored by the NSA, which they freely admit and have demonstrated to Google and Apple.

Yeah, but seems nothing in the S4 and newer or the new Notes either. What was this, a limited time offer from dear Sammy?