[Update 12/17/12: The vulnerability was found with Exynos 4 processors, not Exynos 5 processors as stated in the original post.]
Got a Samsung S II or S III, Galaxy Note or Note II, or the Galaxy Tab 2.8 or Galaxy 10.1 among your users in the enterprise? Get ready for a rough day.
Before you have coffee (or during), find out who’s got these devices in your biz, who has rooted them and who hasn’t, and remove all company data from them. Stat. Here’s why. According to XDA Developers news that bubbled up to boiling point over the last several hours, Samsung devices powered by Exynos 4 processors are vulnerable to serious attacks, some of which will access any data you’ve got stored in RAM and (no one yet seems quite sure) EEPROM.
Happy Monday, IT pros. Don’t shoot the messenger.
XDA Developers claims that the problem isn’t limited only to Samsung.
If you’ve been saving pennies or going rogue and buying instead from mass makers like Lenovo or lesser-knowns like Meizu, your data is potentially compromised too. Many of these also have Exynos 4 processors. Note that it won’t take long to have your device(s) compromised. I already found one video on YouTube that explains how to do it, and as of this writing, YouTube had not removed it.
Your users, even the sneakiest, smartest, and savviest, likely won’t even know it’s happening. There’s no message that pops up saying something to the effect of: “We are stealing your data now. Hang tight.”
One user on the XDA Developers site wrote over the weekend, “The good news is we can easily obtain root on these devices. And the bad is there is no control over it.”
What’s the best option, short of ripping away Samsung and other Exynos 4-based smartphones and tablets from users? Root it. An XDA Developer who goes by the name of “chainfire” has released a kit for savvy users and IT pros that will root the device and, essentially, patch over the vulnerability.
Of course, there’s a catch. If you root your phone, you void the warranty. But what would you rather have voided: the security of your enterprise, or the warranties on a few phones that you’ll likely never take advantage of anyway?
XDA Developers says it has notified Samsung, and so have I. This isn’t the first time security problems have plagued Samsung Android phones. So, keep an eye on TechRepublic and/or aNewDomain.net. When we hear of a permanent fix, we’ll make every effort to make sure you’re the first to know. In the meantime, you should also check out the XDA Developers forum.