Exynos 4 devices vulnerable - Galaxy S II General

http://forum.xda-developers.com/showthread.php?p=35469999
From what i understand malicious apps from the play store can gain root access to your device using this method.
I hope this won't be regarded as spam, but i didn't see anything referring to this topic in this forum. If this thread is unnecessary, delete it.

Well another reason to root your device yourself and use Superuser or SuperSU, so you can control what app wants root access.

Testraindrop said:
Well another reason to root your device yourself and use Superuser or SuperSU, so you can control what app wants root access.
Click to expand...
Click to collapse
^ This.

Testraindrop said:
Well another reason to root your device yourself and use Superuser or SuperSU, so you can control what app wants root access.
Click to expand...
Click to collapse
MaKTaiL said:
^ This.
Click to expand...
Click to collapse
That's not the point.
All suspicious apps can gain root access without user permission using that hole.
Sent from my GT-I9100 using xda app-developers app

Adam Hui said:
That's not the point.
All suspicious apps can gain root access without user permission using that hole.
Sent from my GT-I9100 using xda app-developers app
Click to expand...
Click to collapse
U mean to say that they bypass SuperUser or SuperSU?? Thats ridiculous!! Pdroid patch might help with this i think... ?

Prashanthme said:
U mean to say that they bypass SuperUser or SuperSU?? Thats ridiculous!! Pdroid patch might help with this i think... ?
Click to expand...
Click to collapse
Just click & read op link.
Or http://thenextweb.com/mobile/2012/1...-devices/?utm_medium=referral&utm_source=t.co
Sometimes & it should always we can't underestimated anybody.
Sent from my GT-I9100 using xda app-developers app

I used supercurios fix. Might help a bit though the description says it might not be able to protect from apps which begin even before it on boot.
Maybe if Samsung stops being such secretive little bas***ds about their source codes for exynos, devs can actually find out vulnerabilities quicker.
Sent from my GT-I9100 using Tapatalk 2

fatjivi said:
I used supercurios fix. Might help a bit though the description says it might not be able to protect from apps which begin even before it on boot.
Maybe if Samsung stops being such secretive little bas***ds about their source codes for exynos, devs can actually find out vulnerabilities quicker.
Sent from my GT-I9100 using Tapatalk 2
Click to expand...
Click to collapse
And what if the vulnerabilities are intentional (from samsung) ?

googy_anas said:
And what if the vulnerabilities are intentional (from samsung) ?
Click to expand...
Click to collapse
Conspiracy? really?
Sent from my GT-I9100 using Tapatalk 2

are sudden dead cases of s2 are due to this...?

googy_anas said:
And what if the vulnerabilities are intentional (from samsung) ?
Click to expand...
Click to collapse
fatjivi said:
Conspiracy? really?
Sent from my GT-I9100 using Tapatalk 2
Click to expand...
Click to collapse
It's already insisted by Sammy official fw. But I wonder if official jb will also has, since jb main mem r/w mgmt security feature was array system layout randomization (ASLR) which randomizes all r/w processing in random ram address, so it'll pretty hard to get ramsysdump log access.
And also imo that's not a conspiracy by Sammy. I think they infringed consumer privacy rights by opening this exploits to make their bloatware (Sammy apps) runs smoothly without public confirmation.
Sent from my GT-I9100 using xda app-developers app

Adam Hui said:
It's already insisted by Sammy official fw. But I wonder if official jb will also has, since jb main mem r/w mgmt security feature was array system layout randomization (ASLR) which randomizes all r/w processing in random ram address, so it'll pretty hard to get ramsysdump log access.
And also imo that's not a conspiracy by Sammy. I think they infringed consumer privacy rights by opening this exploits to make their bloatware (Sammy apps) runs smoothly without public confirmation.
Sent from my GT-I9100 using xda app-developers app
Click to expand...
Click to collapse
As it was first detected on a Galaxy S3, and it"s official JB is already out there, I assume that JB by itself won't fix it
Sent from my GT-I9100 using xda app-developers app

fatjivi said:
Conspiracy? really?
Sent from my GT-I9100 using Tapatalk 2
Click to expand...
Click to collapse
A company which introduces the emmc hardbrick bug in 4.0.4 kernel which wasn't present in 4.0.3 kernel AND keeps it for months, AND makes (maybe) intentional errors in their source code (gralloc { misplaced ) CAN also have left this exploit for an obscur reason !!!!

fatjivi said:
I used supercurios fix. Might help a bit though the description says it might not be able to protect from apps which begin even before it on boot.
Maybe if Samsung stops being such secretive little bas***ds about their source codes for exynos, devs can actually find out vulnerabilities quicker.
Sent from my GT-I9100 using Tapatalk 2
Click to expand...
Click to collapse
link?

Dexter_prog said:
link?
Click to expand...
Click to collapse
Read the article. The fix is also posted there
Sent from my GT-I9100 using Tapatalk 2

fatjivi said:
Read the article. The fix is also posted there
Sent from my GT-I9100 using Tapatalk 2
Click to expand...
Click to collapse
woops, sorry, I didn't read it because I had read it previously on sammobiles. Did the fix apk break your camera?

Dexter_prog said:
woops, sorry, I didn't read it because I had read it previously on sammobiles. Did the fix apk break your camera?
Click to expand...
Click to collapse
Yes, but not completely broken. It randomly works sometimes and sometimes FCs
Sent from my GT-I9100 using Tapatalk 2

codeworkx said:
we patched it partially. only system user and graphics group are having access.
Sent from my Nexus 4 using xda app-developers app
Click to expand...
Click to collapse
Cm10.1 already fixed...

googy_anas said:
A company which introduces the emmc hardbrick bug in 4.0.4 kernel which wasn't present in 4.0.3 kernel AND keeps it for months, AND makes (maybe) intentional errors in their source code (gralloc { misplaced ) CAN also have left this exploit for an obscur reason !!!!
Click to expand...
Click to collapse
lol, I am sorry, but that's a bit too far fetched. Just think about this from the end user's point of view (Not power users like XDA users/ ORB sufferers), the negative publicity Samsung will get (Since this issue is pretty much reported across all sites, whether dedicated to developers or just end user tech sites), will have more far reaching implications than any potential sales they will have from "switchers" from the S2. Further, general users tend to take such warnings where their data is potentially vulnerable very seriously (Even if there is a 0.00001% chance of it happening).

3xeno said:
lol, I am sorry, but that's a bit too far fetched. Just think about this from the end user's point of view (Not power users like XDA users/ ORB sufferers), the negative publicity Samsung will get (Since this issue is pretty much reported across all sites, whether dedicated to developers or just end user tech sites), will have more far reaching implications than any potential sales they will have from "switchers" from the S2. Further, general users tend to take such warnings where their data is potentially vulnerable very seriously (Even if there is a 0.00001% chance of it happening).
Click to expand...
Click to collapse
but their product wasn't bug free!! every other software out there is completely flawless. it has to be the bilderbergs. has to be!

Related

I just got an idea, somebody try this!

when youre low, on battery and you can't open up the camera app, press *#0*# and press either front cam or megacam, and see if it works!
Sent from my GT-I9100 using XDA App
go goo
Sent from my GT-I9100 using XDA App
Too late, I am charging and already much above the 15% border
I just tried it and it lets you take a picture with both cameras but it doesn't seem to save the photos anywhere.
Sent from my GT-I9100 using XDA App
it doesn't save it? you sure, hmm
Sent from my GT-I9100 using XDA App
soraxd said:
it doesn't save it? you sure, hmm
Sent from my GT-I9100 using XDA App
Click to expand...
Click to collapse
tried it , couldnt find the file either.
Its just a test of the camera so no file saving. What it does prove (though kind of obvious) is that the battery limitation is a software thing rather than hardware.
shawsky said:
Its just a test of the camera so no file saving. What it does prove (though kind of obvious) is that the battery limitation is a software thing rather than hardware.
Click to expand...
Click to collapse
Nice one, genius. How might this even be a hardware limitation ? Logical thinking would've rejected this supposition. Btw VilainTweaks includes a fix for this, so we already knew it was possible.
@op: nice try though.
Sent from my GT-I9100 using XDA App
EleCtrOx666;14420865 How might this even be a hardware limitation ? Logical thinking would've rejected this supposition.
Sent from my GT-I9100 using XDA App[/QUOTE said:
Well yes it is the logical conclusion and also obvious to me but in the interest of avoiding a potentially patronising statement that's why I said 'kind of obvious'
The only possiblility (though disproven by the mods available now) was that although still technically not hardware - if the camera's own firmware rejected operation at certain battery levels then no amount of OS tweeks would get round it.
Click to expand...
Click to collapse
shawsky said:
Well yes it is the logical conclusion and also obvious to me but in the interest of avoiding a potentially patronising statement that's why I said 'kind of obvious'
The only possiblility (though disproven by the mods available now) was that although still technically not hardware - if the camera's own firmware rejected operation at certain battery levels then no amount of OS tweeks would get round it.
Click to expand...
Click to collapse
Lol you're saying yourself that it's not a hardware limitation so you know it and still you reply it.. I can't contradict you because you're doing it on your own.
Sent from my GT-I9100 using XDA App
EleCtrOx666 said:
Lol you're saying yourself that it's not a hardware limitation so you know it and still you reply it.. I can't contradict you because you're doing it on your own.
Sent from my GT-I9100 using XDA App
Click to expand...
Click to collapse
WTF? I can only presume something was lost in the translation.
No need to be a Dickhead.

Beware of android market malware

Redmondpie report here which is self explanatory....
Now thats what im talking about...
And both of these require users to download and install crap on their phones. The solution still seems to be to only download reputable apps from reputable devs.
Oh well,,time to install AVG!!!
Sent from my GT-P1000 using XDA App
naimmkassim said:
Oh well,,time to install AVG!!!
Sent from my GT-P1000 using XDA App
Click to expand...
Click to collapse
You could, but you might be better off installing something that will actually protect your device.......
(lookout)
Malware in android market??
What can i do to protect my SGT?
Next flash new
Rottenapple says that android is rubbish and not to be used, also is copy of iOS because apple invented the world and they have a patent to prove i
conantroutman said:
You could, but you might be better off installing something that will actually protect your device.......
(lookout)
Click to expand...
Click to collapse
Or you could do neither and just not install pirated apps and only install apps from legit devs.
A. Nonymous said:
Or you could do neither and just not install pirated apps and only install apps from legit devs.
Click to expand...
Click to collapse
Thats some good advice right there...
Sent From My Fingers To Your Face.....
conantroutman said:
You could, but you might be better off installing something that will actually protect your device.......
(lookout)
Click to expand...
Click to collapse
Ohh,,any good suggestion conantroutman? Something that will actually protect my device?
Sent from my GT-P1000 using XDA App
Grr Google ...
So that is probably how my twitter account got hacked.
If the mallware can do all that mentioned in the article then I guess it will have no problem reading saved passwords like Gmail and others
Twitter account got hacked a while after starting to use Galaxy Tab, I am thinking the pass from Android was read by some mallware.
A Skype update mentioned a similar thing and asked to update.
If I remember correctly Android was supposed to allow each application to read/write its in its own area in the device, I guess that only applies to the ... "good-ware" applications, the mall-ware can read all the other data.
On the other hand Google can do a great job when it comes to not letting us see/install all applications because we are from some X country.
... sent from my PC
My mama once told me always use protection son!
As Mulder on the X-Files used to say, “Trust No One”. Not even this site. Use your common sense and check the sources. Can you verify the information? Does the information sound balance and reasonable? Where else can you research this before you do something that cannot be fixed? At the end of the day, you are the last barrier of protection for yourself.
naimmkassim said:
Ohh,,any good suggestion conantroutman? Something that will actually protect my device?
Sent from my GT-P1000 using XDA App
Click to expand...
Click to collapse
Read my last post!
In other news
Cupertino Tart report that Android is bad and will eat your babies
Here: www.rottenapples.troll
In the other hand the chaps at Redmond knows a lot about malware and viruses, after all they suffered every single infection known to man and computer
naimmkassim said:
Ohh,,any good suggestion conantroutman? Something that will actually protect my device?
Sent from my GT-P1000 using XDA App
Click to expand...
Click to collapse
Lookout and wavesecure were reccomended to me...
conantroutman said:
Lookout and wavesecure were reccomended to me...
Click to expand...
Click to collapse
Wow. Nice one, i will try it. Thanks. They should upgrade this tapatalk so that i can hit the thanks button for you
Sent from my GT-P1000 using XDA App

about rooting

I just wanted to give my opinion about rooting, I'm sure a lot of people like to do so, but on this device I don't think that you need to, I did a root on my .gs1 because of lag, then my arc needed more then root lol but my sgs 3 so far the best phone that I ever seen, not perfect, but as for lag, battery life, speed its top!
Sent from my GT-I9300 using xda premium
There a a ton of reasons to root besides lag.
I have an app that requires root that keeps my clock in sync with the actual atomic clock time. The system clock will, over time, be too fast or too slow which means that eventually my phone is a few minutes off.
I have an app that requires root that is used to freeze/quarantine bloatware.
I have an app that requires root that allows me to backup not only my applications, but the application data as well.
I also enjoy root for custom ROMs and kernels that have less lag/stutter than the phone normally does (and yes, this still applies to the Samsung Galaxy S3).
There are always reasons to root.
I understand, I'm not saying not too, for me if the phone is good I'm leaving it stock
Sent from my GT-I9300 using xda premium
Root no >> then no Nandroid and No TB no Ad Blocker . No push apps .
jje
Rooting has absolutely nothing to do with reducing lag or anything at all performance wise.
Rooting just gives you superuser permissions on your device.
Even if you are running an octo core phone with 5gb of ddr3 ram, rooting still offers benefits.
Sent via some sort of internet thing
I fail to see the reason for this topic.
You choose not to root your phone and seem to have no idea what rooting actually means.
Fine by me, why should I or anyone else care what you personally do and do not do with your phone?
ok I have another question is there a root where could just download an app like a old g s one?
Sent from my GT-I9300 using xda premium
Poker gypsy said:
ok I have another question is there a root where could just download an app like a old g s one?
Sent from my GT-I9300 using xda premium
Click to expand...
Click to collapse
No No
jje
I rooted because the T-Mobile not sound was annoying. Without root, I couldn't get rid of it. Also ad block needed to be done.
Poker gypsy said:
ok I have another question is there a root where could just download an app like a old g s one?
Sent from my GT-I9300 using xda premium
Click to expand...
Click to collapse
No, must root through PC odin, root is about permission, not performance. You must read more dude
Sent from my GT-I9300 using Tapatalk 2
d4fseeker said:
I fail to see the reason for this topic.
You choose not to root your phone and seem to have no idea what rooting actually means.
Fine by me, why should I or anyone else care what you personally do and do not do with your phone?
Click to expand...
Click to collapse
+1. This is a pointless thread. You opened it just to say, "I don't want to root my phone. No reason."
thought this was XDA forums ?? who HASNT rooted their phone on this site? LOL :laugh::victory:
Lpuboy87 said:
thought this was XDA forums ?? who HASNT rooted their phone on this site? LOL :laugh::victory:
Click to expand...
Click to collapse
me I didn't know that you had to have your phone rooted to be in this form? are they going to band me now? maybe I shouldn't say anything please don't tell
Sent from my GT-I9300 using xda premium
apisfires said:
No, must root through PC odin, root is about permission, not performance. You must read more dude
Sent from my GT-I9300 using Tapatalk 2
Click to expand...
Click to collapse
thanks for the info I just never had any luck with rooting yes I'm not good at that stuff I'm not saying rooting is bad or wrong but a lot of people don't have the knowledge I would do it if I know that I wouldn't brick my phone
Sent from my GT-I9300 using xda premium
Poker gypsy said:
me I didn't know that you had to have your phone rooted to be in this form? are they going to band me now? maybe I shouldn't say anything please don't tell
Sent from my GT-I9300 using xda premium
Click to expand...
Click to collapse
and to think this site was for people who need help with there phones?
Sent from my GT-I9300 using xda premium
I would do it if I know that I wouldn't brick my phone
Click to expand...
Click to collapse
Galaxy Phones are hard to hardbrick (not revivable through simple software and/or a 2$ USB-Jig)
By following the instructions in the General section ('following' meaning 'reading', not 'assuming' or 'trying') you're on a quick and painless root.
Poker gypsy said:
and to think this site was for people who need help with there phones?
Sent from my GT-I9300 using xda premium
Click to expand...
Click to collapse
You don't need help though. You started this thread just to say you don't want to root your phone. That's pointless.
Poker gypsy said:
me I didn't know that you had to have your phone rooted to be in this form? are they going to band me now? maybe I shouldn't say anything please don't tell
Sent from my GT-I9300 using xda premium
Click to expand...
Click to collapse
.......just saying most of the threads here are about rooting..mods...roms...etc..etc.....You just post about im not rooting...ok..Great...you needed to make a thread saying that?? Why not make a thread about todays weather while your at it
Lpuboy87 said:
.......just saying most of the threads here are about rooting..mods...roms...etc..etc.....You just post about im not rooting...ok..Great...you needed to make a thread saying that?? Why not make a thread about todays weather while your at it
Click to expand...
Click to collapse
if you read my thread you will know! I was asking about it I didn't know what was the good and bad!
Sent from my GT-I9300 using xda premium
Chaos Residue said:
You don't need help though. You started this thread just to say you don't want to root your phone. That's pointless.
Click to expand...
Click to collapse
I need help with people that don't read the beginning of threads!
Sent from my GT-I9300 using xda premium

Watch where you get your Apps from.

With this Root exploit on Exynos I for one will be be careful where I get my Apps from, lets hope this hole gets closed.
Here :- http://forum.xda-developers.com/showthread.php?t=2047991
There are some nasty people out there who want our info.
Thanks for raising awareness of this issue. Your advice should be applied by more people, not just because of this exploit but rather as a general precaution in every situation.
jb.traveller said:
With this Root exploit on Exynos I for one will be be careful where I get my Apps from, lets hope this hole gets closed.
Here :- http://forum.xda-developers.com/showthread.php?t=2047991
There are some nasty people out there who want our info.
Click to expand...
Click to collapse
Fixed in the latest codeworkx experimental cm10.1.
http://forum.xda-developers.com/showthread.php?t=2035141
poldie said:
Fixed in the latest codeworkx experimental cm10.1.
http://forum.xda-developers.com/showthread.php?t=2035141
Click to expand...
Click to collapse
Great work. Fast update.
Sent from my GT-I9300 using xda premium
poldie said:
Fixed in the latest codeworkx experimental cm10.1.
http://forum.xda-developers.com/showthread.php?t=2035141
Click to expand...
Click to collapse
would that be this changelog entry?
https://github.com/cyanogenmod/andr...mmit/c3e546ee57369dc2dd340c07868df83380428de0
Yeah, I just saw this over at Engadget.
Well, it has reached public awareness now. Samsung should send us an update.
The next 4.1.2 update will almost certainly be delayed.
So what do you think who will get update first s3 or note 2?
Sent from my GT-I9300 using xda premium

CrossBreeder - Lag reduction

Wanted to share some info with you guys about CrossBreeder. Been using it for a bit now. Getting great results with no downside so far. Battery life has not been affected. It has improved response across the board. Click on the link below, and go check it out .
idcrisis; said:
This is a combination of 3 different methodologies to reduce Android lag due to low entropy.
Click to expand...
Click to collapse
[MOD] CrossBreeder - Lag reduction with new improved Havege entropy generator!
These entropy generators
Sent from my PG06100
How do you say this is vs seeder
Shifted from planet Namek
thronnos said:
How do you say this is vs seeder
Shifted from planet Namek
Click to expand...
Click to collapse
I know this is going to open up a can of worms . I've tried both. I have to say I like this one slightly more. But that's just me.
TEAM MiK
MikROMs Since 3/13/11
prboy1969 said:
I know this is going to open up a can of worms . I've tried both. I have to say I like this one slightly more. But that's just me.
TEAM MiK
MikROMs Since 3/13/11
Click to expand...
Click to collapse
What do you mean this is going to open up a can of worms..? Did it open a security hole and make virus can come freely to my device..?
Sent from my PG06100 using Tapatalk 2
ega972 said:
What do you mean this is going to open up a can of worms..? Did it open a security hole and make virus can come freely to my device..?
Sent from my PG06100 using Tapatalk 2
Click to expand...
Click to collapse
I don't think anyone would post malicious code on xda. BUT with that being said when you rooted your phone you opened the biggest security threat I feel is out there. Why? Well because most users don't "pay attention" to certain things and leave the system wide open.
Sent from my myTouch_4G_Slide using Tapatalk 2
ega972 said:
What do you mean this is going to open up a can of worms..? Did it open a security hole and make virus can come freely to my device..?
Sent from my PG06100 using Tapatalk 2
Click to expand...
Click to collapse
No, no, no. What I meant was that there would be a debate as to which App, or method I'd better
strapped365 said:
I don't think anyone would post malicious code on xda. BUT with that being said when you rooted your phone you opened the biggest security threat I feel is out there. Why? Well because most users don't "pay attention" to certain things and leave the system wide open.
Sent from my myTouch_4G_Slide using Tapatalk 2
Click to expand...
Click to collapse
Yes Sir
TEAM MiK
MikROMs Since 3/13/11
strapped365 said:
I don't think anyone would post malicious code on xda. BUT with that being said when you rooted your phone you opened the biggest security threat I feel is out there. Why? Well because most users don't "pay attention" to certain things and leave the system wide open.
Sent from my myTouch_4G_Slide using Tapatalk 2
Click to expand...
Click to collapse
Most people don't even pay attention to the permissions of the apps they download... Why would you let a game be able to make phone calls or send sms? (I have seen more than a handful with these permission requests)
Sent from my SPH-D710
bilgerryan said:
Most people don't even pay attention to the permissions of the apps they download... Why would you let a game be able to make phone calls or send sms? (I have seen more than a handful with these permission requests)
Sent from my SPH-D710
Click to expand...
Click to collapse
Yuuuup. The best android antivirus is an observant end-user
Sent from my PG06100
CNexus said:
Yuuuup. The best android antivirus is an observant end-user
Sent from my PG06100
Click to expand...
Click to collapse
Yeah I only run a few apps at a time. I think maybe less than 8. And I def won't do like the black market apps that get cracked versions of games. That just scares me lol
Sent from my myTouch_4G_Slide using Tapatalk 2
strapped365 said:
Yeah I only run a few apps at a time. I think maybe less than 8. And I def won't do like the black market apps that get cracked versions of games. That just scares me lol
Sent from my myTouch_4G_Slide using Tapatalk 2
Click to expand...
Click to collapse
You know what I find ironic? Cracked antivirus'.
Sent from my PG06100
I never use an anti virus. I never keep apps that I don't use at least once a week on my phone. Mobile anti virus is the biggest scam since tiered data plans
Shifted from planet Namek
thronnos said:
I never use an anti virus. I never keep apps that I don't use at least once a week on my phone. Mobile anti virus is the biggest scam since tiered data plans
Shifted from planet Namek
Click to expand...
Click to collapse
I mean antivirus' in general, not just mobile
But I do agree with you :good:
Sent from my PG06100
CNexus said:
I mean antivirus' in general, not just mobile
But I do agree with you :good:
Sent from my PG06100
Click to expand...
Click to collapse
Cracked antivirus is an oxymoron, like jumbo shrimp.
bilgerryan said:
Cracked antivirus is an oxymoron, like jumbo shrimp.
Click to expand...
Click to collapse
I know, thats why I say I find it ironic
CNexus said:
I know, thats why I say I find it ironic
Click to expand...
Click to collapse
Sorry I'm a grammar Nazi, it's not really ironic lol.
Well I finally broke down and tried this but I also DLed "Check Random Entropy Avialable" from the play store and the number it is supposed to be showing is 4096 but mine only shows 200 at best. :-/ oh! oh! It just jumped to 268!
Edit: Buuuut, my evo does seem to be running a lot smoother! hmmm...
Chad The Pathfinder said:
Well I finally broke down and tried this but I also DLed "Check Random Entropy Avialable" from the play store and the number it is supposed to be showing is 4096 but mine only shows 200 at best. :-/ oh! oh! It just jumped to 268!
Edit: Buuuut, my evo does seem to be running a lot smoother! hmmm...
Click to expand...
Click to collapse
I always get 4096 with Seeder
Well I'm om my 4th or 5th ROM on this thing and I'm beginning to think maybe it just sucks.
Chad The Pathfinder said:
Well I'm om my 4th or 5th ROM on this thing and I'm beginning to think maybe it just sucks.
Click to expand...
Click to collapse
The EVO? It's hardware is more outdated than the Shift

Categories

Resources