Security vulnerabilities, especially in software, aren’t completely unheard of, but very few are portrayed as being deliberately included for the benefit of certain individuals. Such is the picture that is being painted about a number of Samsung’s Galaxy smartphones, at least according to developers of a different kind of Android replacement.
The disclosure was published on the website of the Free Software Foundation (FSF), an organization whose founder, Richard Stallman, can be credited for being one of the masterminds behind the open source movement. The discovery of the backdoor was made by the developers of Replicant. Unlike custom Android ROMs that take their roots from the Android Open Source Project (AOSP), Replicant aims to be a completely free (as in speech) and open source version of Android, with absolutely no proprietary or closed source bits hiding in any corner. It was during the development of this Android replacement, particularly on Samsung’s devices, that the developers came across this alleged vulnerability.
Smartphones these days contain at least two processors. The one that people are more familiar with is the general-purpose application processor that is in charge of running the whole operating system. Working behind the scenes, however, is the processor for the modem or baseband, in charge of communicating with mobile networks. According to the Replicant developers, the proprietary operating system running on the modem implements a backdoor that lets the modem read and write files on the filesystem without the general-purpose processor knowing about it. They claim that this can be exploited to remotely gather user information and even modify the system without anyone knowing it, except for the person who sent the remote commands, which in this case could be Samsung or carriers or hackers. Replicant developers name 9 devices that have this backdoor, including the Galaxy S III and the Galaxy Note II. However, in only one case, that of the Galaxy S, does the modem have full system privileges as root. All the rest have limited write access but can still read any data.
Though frightening, this might be only half the picture. The other half was painted by security researcher Dan Rosenberg, who was approached by Ars Technica for more insight. Rosenberg’s bottom line is that the backdoor claim is a bit of an overstatement. For one, the extent of the changes that can be made is quite limited except in the case of the Galaxy S. He also says that neither the FSF nor the Replicant developers were able to provide proof of how this opening can be remotely exploited. The example that they gave only served to prove another aspect of this alleged backdoor: that it was mostly intended for very mundane purposes and simply poorly implemented. He sees it as quite a jump to ascribe malice to this.
In his refutation, however, Rosenberg doesn’t deny that the functionality exists or that it is possible to exploit, only that it is rather unlikely, if not extremely difficult, to do any damage beyond what any other malware might more directly produce. He even expands the list of affected smartphones to include the Galaxy S 4 and the Galaxy Note 3. He does point out that the FSF has an agenda against proprietary software that is making them overstate the facts. The FSF does make an appeal to the public to call on Samsung to explain this functionality and provide a free software version of the modem processor’s operating system, although that is very unlikely to happen.