SamsungGalaxyBackdoor » History » Version 3

Paul Kocialkowski, 01/29/2014 08:41 PM

h1. Samsung Galaxy Back-door

This page contains a technical description of the back-door found in Samsung Galaxy devices.

For a general description of the issue, please refer to the following statement: 

*This back-door is present in most proprietary Android systems running on the affected Samsung Galaxy devices, including the ones that are shipped with the devices. However, when Replicant is installed on the device, this back-door is not effective: Replicant does not cooperate with back-doors.*

h2. Abstract

Samsung Galaxy devices running proprietary Android versions come with a back-door that gives remote access to the data stored on the device.

In particular, the proprietary software that is in charge of handling the communications with the modem implements a class of requests, known as RFS, that allows the modem to perform remote I/O operations on the phone's storage.

h2. Analysis

The following analysis was conducted using the @libsec-ril.so@ binary file (the incriminated proprietary software) as extracted from the CyanogenMod 10.1.3 system zip for the Galaxy S 3 (I9300), from location @system/lib/libsec-ril.so@.

*Disclaimer: *

h2. Notes

Our free software replacement for the incriminated binary is [[Samsung-RIL]] which relies on [[Libsamsung-ipc|libsamsung-ipc]], used in Replicant.

The affected devices have modems that use the Samsung IPC protocol, mostly Intel XMM6160 and Intel XMM6260 modems. Note that despite this back-door, the devices using these modems are most likely to have good modem isolation, compared to other devices using Qualcomm platforms. Bear in mind that this back-door is implemented in software and can easily be removed by installing a free replacement for the incriminated software, for instance by installing Replicant.

incriminated messages

disclaimer