J
Justin Herrick
Guest
If this claim is true, Samsung has some explaining to do. According to the folks that develop Replicant, Samsung has “remote access to data.” Now that is a very large claim to be making. So what do they mean? To do this, Replicant says that Android’s largest hardware manufacturer is utilizing two processors as a backdoor to gain user information. The applications processor handles all of the usual functions; however, the other is for the communication coming to and from the handset.
The issue comes from the latter, the baseband/modem processor. Replicant is claiming that this processor uses Samsung’s own software and has the ability to modify a user’s storage and data. The devices affected include the Nexus S, Galaxy S, Galaxy S II, Galaxy Note, Galaxy Nexus, Galaxy Tab 2 7.0, Galaxy Tab 2 10.1, Galaxy S 3, Galaxy Note II, and potentially the Galaxy S 4 and Note 3.
After this news broke yesterday, Ars Tchnica did a little bit of questioning to find out more about this concern. They sat down with Dan Rosenberg, a senior security researcher at Azimuth Security. First off, Rosenberg does not believe that Samsung is using a backdoor to do any of this. He says “there is virtually no evidence for the ability to remotely execute this functionality” due to Samsung’s own software. So if Samsung is doing something, they are not doing it very quietly.
Rosenberg clarifies that not everything is exposed. Only data related to the device’s radio and SD card can be read; however, this is something that every application requires. He then makes it clear that Samsung was not using this to snoop, but instead to actually perform a function. Also, Rosenberg feels that the real issue that should be addressed is that this can allow files involving the modem to be modified.
Source: CNET, Ars Technica
Come comment on this article: Developer claims Samsung is using a backdoor to access user data, but security expert disagrees
Visit TalkAndroid for Android news, Android guides, and much more!
News via TalkAndroid