Join gaming leaders, alongside GamesBeat and Facebook Gaming, for their 2nd Annual GamesBeat & Facebook Gaming Summit | GamesBeat: Into the Metaverse 2 this upcoming January 25-27, 2022. Learn more about the event.
Samsung acknowledged today that the CPU used in many of its phones, including the massively popular Galaxy S III, is vulnerable to a hack that can give attackers full access to your phone.
The vulnerability was discovered about a week ago by a security researcher named “alephzain,” who posted an overview of the exploit on XDA-Developers. Essentially, malicious code from shady applications can use a security hole in a phone’s source code to gain control of anything in physical memory … and thereby install apps, backdoors, or simply read your personal data.
Unfortunately, “alephzain” also posted working sample source code before informing Samsung … meaning that the bad guys could already have made apps to attack your Samsung phone.
In its statement, Samsung says it is working on patching the hole as soon as possible:
Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.
The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications.
Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices.
This is not a vulnerability in the Android operating system as created by Google per se. The vulnerable portion is the kernel — the base level of an operating system — and Samsung has modified the Android kernel to run on its proprietary Exynos processor. Those modifications contain the unsafe code that enables the security breach.
If you’re concerned about your phone being vulnerable, there are a number of things you can do:
- Don’t download any apps until Samsung releases a fix
- Or, only download apps from known good sources (e.g., Google Play)
- Even at Google Play, only download apps that are from known and verified publishers
- Or, if you must, install an instant fix (which may have some negative effects on your phone’s functioning).
VentureBeatVentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more