The developer community is great in bringing outdated phones a little more up to date. They’re also great in providing users with a stock Android experience when wanted. However, something that’s often overlooked but is abundantly important is their work in finding security flaws.
This past weekend XDA user alephazin discovered a major security flaw in Samsung’s Exynos powered devices. The “flaw” has been used by a few different developers to provide root access to many devices. However, the exploit also opens up the devices to be controlled by malicious apps. Here’s his full statement below:
Recently discover a way to obtain root on S3 without ODIN flashing.
The security hole is in kernel, exactly with the device /dev/exynos-mem.
This device is R/W by all users and give access to all physical memory … what’s wrong with Samsung ? […]
The good news is we can easily obtain root on these devices and the bad is there is no control over it.
Ram dump, kernel code injection and others could be possible via app installation from Play Store. It certainly exists many ways to do that but Samsung give an easy way to exploit. This security hole is dangerous and expose phone to malicious apps. Exploitation with native C and JNI could be easily feasible.”
Apparently Samsung has already been notified about the problem so they’re likely working on a patch that will roll out in the near future. But my best advice is to simply be careful of what you download. Before downloading any app it’s a good idea to read through reviews and ensure that others have been using the app successfully.