Android Coders Claim "Back Door" Enables Remote Access to Samsung Galaxy Phones

By Gary Cutlack on at

The developer of the Replicant custom Android ROM claims to have uncovered what amounts to a classic "back door" computer hack within Samsung's Galaxy series of smartphones, suggesting that Samsung's modem tools have certain communication protocols in them that could allow outsiders to "access the phone's file system."

The coder explains the potential for exploiting Samsung's software like this:

"Samsung Galaxy devices running proprietary Android versions come with a back-door that provides remote access to the data stored on the device. In particular, the proprietary software that is in charge of handling the communications with the modem, using the Samsung IPC protocol, implements a class of requests known as RFS commands, that allows the modem to perform remote I/O operations on the phone's storage."

 

Point being, it appears to allow the phone's modem to access the device's internal storage, which is, at best, a bit of a weird thing to offer. As well as providing a proof-of-concept piece of code to exploit the hole, Replicant is also offering a replacement tool to patch up the alleged security hole if you're the worrying sort. [Replicant via Boing Boing]