We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Samsung working to fix latest Galaxy S III exploit

Samsung is looking to patch a critical flaw found in its Galaxy line of Android smartphones.

Samsung says it's working "as quickly as possible" to fix an exploit in some of its Android phones, which could allow hackers to gain total control over the device.

The exploit was first reported on the XDA Developers forums on Saturday, and attracted lots of attention from the tech press. It allows malicious apps to control all physical memory on the device, thereby allowing for remote wipes, access to user data and other malicious activities.

All Samsung Android phones based on Exynos 4210 and 4412 processors are vulnerable. As Android Central notes, that includes the Galaxy S II on Sprint, Galaxy Tab 2, Galaxy Note 10.1 and certain Galaxy Player models. International versions of the Galaxy S III, Galaxy Note and Galaxy Note II are affected, as well as U.S. versions of the Galaxy Note II, but U.S. versions of the Galaxy S III are not affected.

In a statement to Android Central, Samsung says it's aware of the issue and is working on a software update to fix it. "Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices," the company said.

No biggie, says Samsung

Although this exploit sounds pretty dangerous, Samsung says that "most devices operating credible and authenticated applications" won't be affected. In other words, if you're downloading trustworthy apps from the Google Play Store, you probably have nothing to worry about. (It's unclear whether Google's malware scanner, which examines all new apps in its store, is picking up on this new exploit.)

Still, the exploit doesn't look good for Samsung, which just a few months ago had to scramble to fix another software vulnerability. That security flaw allowed attackers to remotely wipe phones running Samsung's TouchWiz UI, using only a Web link with malicious code.

To be clear, these are security flaws in specific Samsung phones, not to be confused with general malware such as apps that send premium-rate SMS messages without permission. The common thread, however, is Android's open app ecosystem, which allows users to install any software they want. While all Google Play Store apps must pass a malware check, the system isn't foolproof. Neither is the new built-in malware scanner in Android 4.2 for apps from outside the store.

Which brings us back to the usual refrain: An occasional security threat is the byproduct of having that open ecosystem. That means users should take some basic precautions before downloading an app, like seeing how many users have downloaded it, and what they're saying about it. As Samsung says, credible applications won't pose any danger, even for this new exploit. But if a little extra care sounds like too much work, there's always the iPhone or Windows Phone instead.


IDG UK Sites

Apple promises developers better stability, performance for Swift

IDG UK Sites

5 things we hate about MWC: What it's like to be a journalist at a technology trade show

IDG UK Sites

Interview: Lauren Currie aims to help design students bridge skills gap

IDG UK Sites

12in Retina MacBook Air release date rumours: new MacBook Air to have fingerprint ID, could launch...