Web Host Chat - The UK's host forum since 2001!
RECOMMENDED HOSTS
Colocation Rack Services
UK Web & Reseller Hosting
UK Leased Lines
VMWare Cloud Servers
Advertise here!
News
Hosting
Data Centres
Networking
Security
Software
Hardware
Business
Jobs
Science
Other

Samsung Galaxy Remote Backdoor Discovered

The developers at Replicant (an Open Source project aimed at replacing all proprietary components within Android OS) has discovered a remote back door in the Samsung Galaxy series of mobile devices and the Nexus S.

The backdoor is only present in the proprietary version of Android bundled with the Samsung devices.

So far, investigations reveal that the backdoor is relatively benign despite having read and write access to sensitive areas of the filesystem.
Posted by 24/7/365.
Published 22:34, Sat 15 Mar 2014.
Viewed 42 times.
Modern phones are designed with two separate processing units. One runs the operating system and the other, the modem/radio. The OS is usually open source but the modem/radio almost always run proprietary code. It's within the modem/radio that the backdoor resides.

According to the blog at the Free Software Foundation, these components should be run in isolation but often there can be no guarantee that this happens. After all, only the telephone companies would have access to the information that can be accessed via the modem/radio.

As well as being able to access the microphone, GPS location and have read/write access to your device, it can also access your camera too. Whilst none of this is news, finding undocumented code to access these facilities is.

Replicant's primary objective is to make sure your phone is free (as in beer and speech) and contains no proprietary code. Since their early days, when their first act of freedom was to liberate the HTC Dream's audio drivers, the project has managed to add modem, camera and GPS functionality.

If the thought of backdoor access to your personal data unsettles you, you could always try running Replicant or Cyanogen Mod.
Source Link: www.fsf.org
Comments on this
Sorry, there are no comment yet on this! Please feel free to be the first.
Post a comment on this
Please login in order to use this feature.
Username:
Password:
Please login to view the full contents of this page.
If you don't have an account you can;
Register one here.
Posted by
Profile: OpenITC

Don't miss:

Five keys to choose a cloud computing provider
There are many companies who have chosen to make the leap to the cloud. In fact, according to a Internet survey report more companies used cloud computing in order to improve their productivity. However, before addressing this new IT delivery model it is essential for companies to make an analysis of the main Cloud computing service providers of the market. First, companies should consider one thing before establishing any relationship, without trust it is impossible to establish a good working relationship. However, there are more aspects that need to be fixed before signing an agreement on cloud computing.
Rural broadband maps criticised for lacking detail
The government and BT are under fresh attack for the way the rollout of the UK's rural broadband is being handled.
After nine years, the Million Dollar homepage is 22% dead
The Million Dollar Homepage was a phenomenon in 2005, but almost a decade on, it stands as a monument to the fragility of the internet: over one-fifth of the links on the site are dead.
GitHub Founder Suspended over Harassment Claims
Last Friday, Julie Ann Horvath dramatically quit over allegations of harassment by leadership at GitHub over the last two years. GitHub is a developer platform that allows users to share code. The website is based on Git, the version control software created by Linux hacker and founder, Linus Torvalds. Until Friday, Julie was a developer at the company.
Samsung Galaxy Remote Backdoor Discovered
The developers at Replicant (an Open Source project aimed at replacing all proprietary components within Android OS) has discovered a remote back door in the Samsung Galaxy series of mobile devices and the Nexus S. The backdoor is only present in the proprietary version of Android bundled with the Samsung devices. So far, investigations reveal that the backdoor is relatively benign despite having read and write access to sensitive areas of the filesystem.
Intel to Make Monster 800Gbps Cables
No, not gold-plated Monster cables but monster 800Gbps cables! It looks like Intel is forging ahead with it's plans to disaggregate rack server infrastructure. Intel will be launching these new MXC cables in the later half of the year. Each cable bundles up to 64, simplex fibres to aggregate 1.6TB of bandwidth and can transmit up to 300 metres without repeaters.
Cambridge University - No More Password Leaks
Those smart folks working at Security Research in the University of Cambridge Computer Labs have developed a hardware device which promises to protect you from password leaks. That's a big promise so does it stack up?
Energy windfall for data centres
Energy harvesting has been an ideology for some time. With recent developments, we will soon see solutions being tested that will deliver significant changes in the way data centres are run
Web.com acquires SnapNames domain names drop-catch/auction service
Web.com acquired SnapNames on 3/March/2014, and continues partnership with NameJet domain name auction platform from Rightside (the domain name services spinoff from Demand Media)
Raspberry Pi Foundation Offers $10K Bounty for GPU Driver Port
With over 100,000 units sold on the first day of sales and over 2 million sold by the end of 2014, the Raspberry Pi has been an incredible success. The Raspberry Pi Foundation, set up as a charitable organisation in 2008, has a mission statement to "promote the study of computer science and related topics, especially at school level, and to put the fun back into learning computing." and despite it's success, not everyone's happy.
Geo Network - Where Fibre Meets Your Fibre
Getting physically connected between locations has always been expensive and time consuming due to negotiating rights of way and the actual laying of the physical cable. Chris Smedley, CEO of Geo Networks has decided to team up with Thames Water for a quicker and more efficient way of laying fibre. The London sewerage system.
US TSA Employing Psycics to Find Passengers With Bitcoins
Two airport security personel stopped Davi Barker at a US airport, claiming to have 'seen bitcoins' in his bag. Clearly a new form of modern day magic as bitcoins are a virtual currency !
Dynamic kernel patching from Red Hat
Red Hat show off their work on dynamic kernel patching which allows kernel upgrades without rebooting your system
Microsoft now the largest Windows host
Microsoft's Windows Azure cloud platform has helped it to surpass Amazon as the largest Windows host
Docklands Harbour Exchange bought in 37 million deal
A £37million deal was announced on Monday morning for the three building development near South Quay on the Isle of Dogs. It was previously owned by Land Securities Group.
Nominet Selected to Provide Emergency Backup Registry Services
In the (increasingly likely) event that one of the newGTLD operators goes t1tsup, transfer of the TLD to an Emergency Operator comes into force. Nominet officially selected as one of the EBERO's
New Silk Road hit with $2.6 million heist due to known Bitcoin flaw
"Transaction malleability," which worried Mt. Gox and Bitstamp, strikes again. Not only are Bitcoin trading sites like Bitstamp and Mt. Gox susceptible to the recent accleration of the "transaction malleability" problem, but apparently the Silk Road—or at least its newest incarnation—is too. Is this the end for Bitcoin as we know it?
Hackers now filming their remote victims
Cyber-thieves are increasingly grabbing video of how victims use their computer, to better steal from online bank accounts, a security firm reveals.
Finalists announced for the first UK Cloud Awards
The shortlist of finalists for the UK Cloud Awards 2014 have been announced, the new awards organised by the Cloud Industry Forum (CIF), Cloud Pro and techUK. There will be 15 awards across 2 categories, projects and products. In the products category, there is a wide variety of new and established businesses from startups to major international corporations. The winners will be announced at ceremony to be held at City Hall on 26th February, 2014.
Largest Ever DDoS Cyber Attack Hits US and European Victims
Multiple reports suggest the largest ever DDoS attack - peaking at 400Gbps - has hit targets in the US and Europe though who is behind the attack, and who the victims were remains a mystery.
Tech Billionaires Made Up 75% Of 2013′s Most Philanthropic People Under 50
Tech Billionaires Made Up 75% Of 2013′s Most Philanthropic People Under 50 with Zuckerberg giving away nearly $1bn.
AMD and ARM working together for server CPUs
AMD has worked with ARM to lower the energy requirements for data centre servers. Power usage is one of the most important aspects of servers today.
Icelanders to enjoy virtual cash giveaway
Following the hype and furore around the various virtual currencies being released on a seemingly daily basis, for the first time an entire nation is to be given some virtual currency.
KNCMiner building Arctic Circle DataCentre for Bitcoin Mining
KNC Miner (a Swedish Company) are using the 'pre-order' funds they have accumulated from over 4000 orders of a $12000 BitCoin Mining device to build a 10MW datacentre in The Node Pole region, near the Arctic Circle in Sweden.
DDoS : Who watches the watchmen?
Recent revelations from more leaked Snowden files show GCHQ has been using hackers own techniques against them and DDoSing their chatrooms and even using crafted BBC articles to scrape data to help identify users.
.uk domain names to launch on June 10th
Nominet are cashing in on the new gTLD hype with shorter .uk domains available to register from June 10th 2014
AWS now the most popular host
Amazon Web Services hosts more web sites from the top 100,000 domains than any other host according to data provided by Alexa
PayPal and eBay websites hijacked
The Syrian Electronic Army are claiming responsibility for hijacking the paypal.co.uk and ebay.co.uk web sites.
GoDaddy security blunder
A security blunder by domain registrar GoDaddy has cost a Twitter user their $50k one character handle thanks to some basic social engineering.
Telehouse opens a new 1000 square meter co-location floor in London
Telehouse who have long been a leading provider of data centre space has opened the final phased floor with 1000 sq.meters of available co-location space at Telehouse West.
.Scot wait is over new top level domain for Scotland
Congratulations Scotland, they have finally been awarded the dot Scot TLD, unfortunately there is no news on .haggis yet.
Rackspace has lift off for ObjectRocket in the UK
Rackspace has launched OBJECTROCKET in the UK and releases NoSQL Database-as-a-Service (DBaaS) in it's London data centres.
Infinity SDC has opened a new flagship data centre
Brand new Slough based data centre has been opened by Infinity with a respectable PUE of just 1.25. It will offer much needed new data centre space in the Thames Valley area.
Ministry of Justice signs deal with Ark for Data Centre solution
Ark claims to provide the most power efficient data centre solutions to lower the running costs with PUE scores as low as 1.08.
What is a cloud? Not many end users have a clue
While the companies supplying "cloud" services should know what they are selling, it is quite clear that most customers really don't have a clue what it means, or even if it's fluffy.
Zapp plans to take on PayPal for Mobile payments
The mobile payments brand Zapp is planning to squeeze in beside PayPal by investing tens of millions in to it's launch.
Should all hosting companies accept PayPal
As more and more people have PayPal accounts, is it important to accept PayPal as a payment method? Or are the risks and costs not worth it.
Googles Chrome web browser could be keeping an eye on you
An Israeli web developer says that Google's web browser could be spying on you. Google dismisses the allegation of eavesdropping threat.
The internet is a gift from god according to the Pope
Pope Francis clearly loves the web, and has called the internet a "gift from god". And that it is able to bring people together more easily.
2014's web hosting company problems to keep an eye on
2014 should see the ever growing web continue to expand at a rate yet again even faster than before. More and more companies will continue to utilise the web's advantages, and with that there will come new challenges for hosting companies.