
Developers report discovering a proprietary, software-based Android backdoor on at least nine different Samsung smartphone and tablet models. The backdoor allows attackers to use the radio modems on some devices to execute remote file system commands that can be employed to steal sensitive data.

“We discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system,” wrote developer Paul Kocialkowski.

“This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write, and delete files on the phone’s storage. On several phone models, this program runs with sufficient rights to access and modify the user’s personal data,” Kocialkowski continued.

The backdoor is not part of the Android processor functions; it takes advantage of the separate processor commonly known as the modem, baseband, or radio, which enables communications with the user’s mobile network. Kocialkowski says the proprietary operating systems that run on these modems are known to be vulnerable to exploits which can turn the modem into a remote spying device.

“The spying can involve activating the device’s microphone, but it could also use the precise GPS location of the device and access the camera, as well as the user data stored on the phone. Moreover, modems are connected most of the time to the operator’s network, making the backdoors nearly always accessible,” Kocialkowski said.

“It is possible to build a device that isolates the modem from the rest of the phone, so it can’t mess with the main processor or access other components such as the camera or the GPS. Very few devices offer such guarantees. In most devices, for all we know, the modem may have total control over the applications processor and the system, but that’s nothing new.”

Earlier this month, researchers from a mobile security management platform detected pre-installed malware posing as a Netflix application on Android devices manufactured by giants like Asus, Samsung, Motorola, and LG Electronics.

Days later, another set of researchers from a mobile security provider detected the Dendroid Remote Access Toolkit (RAT) in rogue APK files (Android application package files) on Google Play. These files have the ability to send and intercept SMS text messages, capture video from the device’s camera and audio from calls using the microphone, download images stored on the device, monitor browser history and bookmarks, and read saved login credentials for users’ accounts.
