Samsung Galaxy devices may have backdoor to user data, developer says

Developers working on Replicant, an open-source OS based on Android, claim to have found a flaw that provides access "to read, write, and delete files" stored on some Samsung devices.

The Samsung Galaxy Tab 2 10.1 -- one of the allegedly affected devices. Josh Miller/CNET

Samsung's Galaxy devices might have a built-in security flaw that could allow for "remote access to data," a developer claims.

The folks behind Replicant, a free and open-source OS that aims to replace proprietary Android components with free alternatives, claim to have discovered a flaw in certain Samsung devices that allows for access "to read, write, and delete files on the phone's storage." In addition, the developers said that the flaw has "sufficient rights to access and modify the user's personal data."

In a blog post detailing the issue on Wednesday, Replicant developer Paul Kocialkowski said the trouble resides in the use of two processors in mobile devices. The applications processor runs the main operating system, while another, the baseband processor, handles communications to and from the device. The issue with the baseband processor in Samsung's devices, Replicant argued, is that it runs proprietary Samsung software to handle all the communication -- and that software allows for a backdoor to user data.

"Provided that the modem runs proprietary software and can be remotely controlled, that backdoor provides remote access to the phone's data, even in the case where the modem is isolated and cannot access the storage directly," Kocialkowski wrote.

Although Replicant said that the software could potentially access user data, it appears that it's doing nothing wrong. In fact, the company wrote that there are some features in the software that are "legitimate."

According to Replicant, the Nexus S, Galaxy S, S2, and S3, and Galaxy Tab 2 10.1, among other Samsung devices, are affected by the issue. It's worth noting that Replicant's announcement might also be somewhat self-serving: the company said in a blog post that its free alternative would mitigate the issue.

CNET has contacted Samsung for comment on the report. We will update this story when we have more information.
