A software developer says he has identified a critical vulnerability in many Samsung smartphone models that can open up end users to malware attacks and expose bank account credentials and other sensitive data to attackers.
The security hole, according to a post published Saturday on the XDA Developer Forum, resides in the Android kernel of Samsung handsets running an Exynos 4210 or 4412 processor. While it creates a new and easier method for end users to root their devices, it also gives installed apps full read-write permissions to all physical memory. That, in turn, allows apps to gain unfettered control of a handset, opening the door to malware with rootkit-like capabilities. It also allows one app to monitor data processed by a second app or the operating system.
"This exploit could be dangerous," XDA developer Joseph Hindy wrote in a follow-up post. "Not only could be used to acquire root access, but for malicious applications as well. So developers will have a fun time helping to fix the issues while using the exploit for root."