Developers working on the Replicant OS, a free and open-source spin of Google’s Android, have discovered a backdoor into the device’s filesystem.The backdoor is question works on a number of Samsung Galaxy mobile devices with the stock Android image, but the official announcement claimed that it was present in “most proprietary Android systems running on the affected Samsung Galaxy devices, including the ones that were shipped with the devices”.
In other words, Samsung Galaxy devices which run proprietary Android versions have a backdoor allowing for remote access to the information stored on the mobile device.It was found in the proprietary software responsible for handling the communications with the modem. The security experts confirmed that via the Samsung IPC protocol, it implemented a class of requests called RFS commands. They allow the modem to perform remote I/O operations on the device’s storage.
Apparently, when the modem is running proprietary software, it offers over-the-air remote control, which could later be used to issue the incriminated RFS messages and obtain access to the file system of the affected device. In other words, anyone aware of the backdoor is able to walk directly into the Nexus S, Galaxy S, Galaxy S2, Galaxy S3, Galaxy Note,Galaxy Note 2, and Galaxy Tab 2. Actually, the Galaxy S appeared to be the most insecure, because the backdoor software is running there as root.
Replicant developers believe that the vulnerable software could possibly be added for legitimate purposes, without the intent of doing harm by providing a backdoor. The most interesting fact is that the problem in security was reported on the Replicant Wiki page weeks ago, but none of the software developers appear to have noticed it.