
Samsung working to fix latest Galaxy S III exploit

Samsung is looking to patch a critical flaw found in its Galaxy line of Android smartphones.

Samsung says it's working "as quickly as possible" to fix an exploit in some of its Android phones, which could allow hackers to gain total control over the device.

The exploit was first reported on the XDA Developers forums on Saturday, and attracted lots of attention from the tech press. It allows malicious apps to control all physical memory on the device, thereby allowing for remote wipes, access to user data and other malicious activities.

All Samsung Android phones based on Exynos 4210 and 4412 processors are vulnerable. As Android Central notes, that includes the Galaxy S II on Sprint, Galaxy Tab 2, Galaxy Note 10.1 and certain Galaxy Player models. International versions of the Galaxy S III, Galaxy Note and Galaxy Note II are affected, as well as U.S. versions of the Galaxy Note II, but U.S. versions of the Galaxy S III are not affected.

In a statement to Android Central, Samsung says it's aware of the issue and is working on a software update to fix it. "Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices," the company said.

No biggie, says Samsung

Although this exploit sounds pretty dangerous, Samsung says that "most devices operating credible and authenticated applications" won't be affected. In other words, if you're downloading trustworthy apps from the Google Play Store, you probably have nothing to worry about. (It's unclear whether Google's malware scanner, which examines all new apps in its store, is picking up on this new exploit.)

Still, the exploit doesn't look good for Samsung, which just a few months ago had to scramble to fix another software vulnerability. That security flaw allowed attackers to remotely wipe phones running Samsung's TouchWiz UI, using only a Web link with malicious code.

To be clear, these are security flaws in specific Samsung phones, not to be confused with general malware such as apps that send premium-rate SMS messages without permission. The common thread, however, is Android's open app ecosystem, which allows users to install any software they want. While all Google Play Store apps must pass a malware check, the system isn't foolproof. Neither is the new built-in malware scanner in Android 4.2 for apps from outside the store.

Which brings us back to the usual refrain: An occasional security threat is the byproduct of having that open ecosystem. That means users should take some basic precautions before downloading an app, like seeing how many users have downloaded it, and what they're saying about it. As Samsung says, credible applications won't pose any danger, even for this new exploit. But if a little extra care sounds like too much work, there's always the iPhone or Windows Phone instead.

