Samsung Backdoor Capable of Siphoning Data Remotely, Replicant Developers Say
Developers of the free Android library Replicant have discovered a backdoor in Samsung’s proprietary software capable of siphoning storage data remotely, according to The Free Software Foundation. The proprietary program manages the modem communication protocol.
Today, smartphones have two distinctive processors; on one runs the operating system and on the other one, known as modem, runs a proprietary system that manages communication with the mobile network.
“This processor always runs a proprietary operating system, and these systems are known to have backdoors that make it possible to remotely convert the modem into a remote spying device,” Replicant developer Paul Kocialkowski said. “The spying can involve activating the device’s microphone, but it could also use the precise GPS location of the device and access the camera, as well as the user data stored on the phone.”
Also, the backdoors are almost always accessible as “modems are connected most of the time to the operator’s network.”
The backdoor gives the modem permission to do remote file input/output on the data storage, being able to read, write and delete storage files.
The backdoor is present in most Samsung Galaxy devices. In several models, the user’s personal data can be accessed and modified as the proprietary system runs with high privileges.
Replicant developers have released a work-around for the backdoor on almost all affected versions except Galaxy S (I9000) where libsamsung-ipc, the proprietary program, runs as root.
The blog post concluded that “This is yet another example of what unacceptable behavior proprietary software permits!”