Serious vulnerability reportedly leaves Samsung Galaxy S III and other devices wide open to malware

Galaxy S III Verizon

User alephzain at xda-developers reported yesterday that a severe vulnerability in the Samsung Galaxy S III, Galaxy S II, Galaxy Note II, and potentially several other devices, could give remotely downloaded apps the ability to read user data, brick phones, or perform other malicious activities. "The good news is we can easily obtain root on these devices and the bad is there is no control over it," alephzain writes. While many vulnerabilities that pop up require physical access to a phone, multiple developers indicate that this newly-identified issue is far more severe, since it could allow apps downloaded from the Google Play Store an easy way to exploit the devices.

According to xda-developers user supercurio, Samsung has been made aware of the security hole, but the company has not publicly acknowledged the issue. It's not clear what the risk is for users at this point — the vulnerability appears to only now be gaining publicity — but supercurio notes that "millions of vulnerable devices are out there now." (The vulnerability is suspected to potentially affect all devices with Exynos 4210 and 4412 processors that use Samsung code.) User Entropy512 adds that "this exploit changes things — there is a no root exploit that can be used by an app straight from the market, in the background, with little to no user intervention." We have reached out to Samsung for comment and will update you if the company responds.

Thanks, alphaq!

Update: Samsung has notified Android Central that it is "currently in the process of conducting an internal review" in regard to the security hole. We'll update you if we receive any additional answers from the company about the issue, or its progress in addressing it.

The Verge
Log In Sign Up

Log In Sign Up

Please choose a new Verge username and password

As part of the new Verge launch, prior users will need to choose a permanent username, along with a new password.

Your username will be used to login to Verge going forward.

I already have a Vox Media account!

Verify Vox Media account

Please login to your Vox Media account. This account will be linked to your previously existing Eater account.

Please choose a new Verge username and password

As part of the new Verge launch, prior MT authors will need to choose a new username and password.

Your username will be used to login to Verge going forward.

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.