Kernel exploits are so common that, in the vast majority of cases, they don’t make their way into the mainstream news media. That isn’t the case this time, because the phrase “malware vulnerability” was attached to the exploit, giving the whole thing a lot more weight. To summarize, the kernel exploit under discussion was discovered by XDA, and the vulnerable Samsung products are the models that include the Exynos chipset. On a side note, that’s quite a few of them. But before we jump into it, let’s first take a moment to establish the basis of the situation.
Rooting and jailbreaking
In spite of the negative connotations that “malware vulnerability” confers on this kernel exploit, it is necessary to point out that virtually all programs and applications that root/jailbreak a smartphone fall under the category of malware by default. To put it simply, every line of code that has the role of modifying the operating system of your phone – irrespective of its designated purpose – can be considered a virus/Trojan/worm.
Therefore, this exploit has received a lot more hype than it actually deserves simply because of a misinterpreted concept. That doesn’t mean that it’s not bad, just that it’s not any worse than the stuff utilized to root your smartphone in the first place.
What Samsung devices are vulnerable to the kernel exploit?
As previously mentioned, the Exynos chipsets are susceptible to the exploit, but only the devices with 4210/4412 processors are at risk. That doesn’t really narrow down the list by a lot, considering that the following mobile devices are equipped with them:
- Sprint/International Galaxy S2
- International version of Galaxy S3/Note/Note 2
- A few Galaxy Player versions
- Galaxy Tab 2
- Galaxy Note 10.1 model
The good news for U.S. residents is that their model of Samsung Galaxy S3 is not at risk. Nevertheless, there is still a wide array of susceptible smartphone models and that means the carelessness of Samsung cannot be taken lightly.
What does the kernel exploit basically do?
Essentially, this bug gives users free entry to the kernel source of the mobile device, permitting them to access the RAM. From that point on, the RAM can be dumped, analyzed, reverse engineered and modified at will. An APK capable of rooting the aforementioned mobile devices with a single click stands as proof that it is entirely possible. In fact, the APK works like a charm even on the Verizon variant of the Galaxy Note 2, which features a locked bootloader. Enough said.
Why would a rooting APK be a problem?
The rooting APK is not a problem in itself, but it does show how easy it is to build an application with a few concealed lines of code whose sole purpose is rooting a mobile device without the user’s consent. The malware can then easily use the elevated post-rooting permissions to steal private data, for example. And this is just one of the things that can be achieved after gaining root access. An application of this nature can be distributed very easily to unsuspecting victims. Keep in mind that a rooted smartphone has already lost its main line of defense against hacking attempts. This should also be an argument against the popular but dangerous practice of intentionally rooting/jailbreaking your mobile device.
What can you do?
If your smartphone is among the ones listed in this article, you should take the necessary steps to protect yourself. For devices with custom ROMs (most are already rooted anyhow), you should contact the developer and learn whether or not the ROM’s kernel is vulnerable. On the other hand, standard stock mobiles are less susceptible, unless you take the chance of installing pirated/unsafe apps. You won’t be able to determine whether or not an app is abusing the kernel exploit because virtually all of them require memory access to operate. Therefore, you should first establish an app’s authenticity and trustworthiness before downloading it in order to avoid malware infections.
A possible fix
Supercurio has developed a patch for the kernel that repairs the vulnerability and mends the security breach. This patch does not have to be installed, does not alter your files and does not necessitate root access. Also, it can be turned on/off whenever you want. Unfortunately, there are some negative interactions with the device’s camera and/or HDMI output.