SamsungGalaxyBackdoor » History » Revision 2
Revision 1 (Paul Kocialkowski, 01/28/2014 05:30 PM) → Revision 2/25 (Paul Kocialkowski, 01/28/2014 05:56 PM)
h1. Samsung Galaxy Back-door This page holds a technical description of the back-door found in Samsung Galaxy devices. For a general description of the issue, please reefer to the following statement: *This back-door is present in most proprietary Android systems running on the affected Samsung Galaxy devices, including the ones that are shipped with the devices. However, when Replicant is installed on the device, this back-door is not effective: Replicant does not cooperate with back-doors.* -> fact that it's not working on replicant, shipped by default h2. Abstract Samsung Galaxy devices running proprietary Android versions come with a back-door that gives remote access to the data stored on the device. In particular, the proprietary software that is in charge of handling the communications with the modem implements a class of requests, known as RFS, that allows the modem to perform remote I/O operations on the phone's storage. h2. Analysis The following analysis was conducted using the @libsec-ril.so@ binary file (the incriminated proprietary software) as extracted from the CyanogenMod 10.1.3 system zip for the Galaxy S 3 (I9300), from location @system/lib/libsec-ril.so@. *Disclaimer: * h2. Notes Our free software replacement for the incriminated binary is [[Samsung-RIL]] which relies on [[Libsamsung-ipc|libsamsung-ipc]], used in Replicant. The affected devices have modems that use the Samsung IPC protocol, mostly Intel XMM6160 and Intel XMM6260 modems. Note that despite this back-door, the devices using these modems are most likely to have good modem isolation, compared to other devices using Qualcomm platforms. Bear in mind that this back-door is implemented in software and can easily be removed by installing a free replacement for the incriminated software, for instance by installing Replicant. incriminated messages disclaimer