Fearmongering 101: The Case of the Samsung Galaxy Backdoor Exploit
Yesterday, the Free Software Foundation published an article written by Paul Kocialkowski. A software developer for the the Android fork system Replicant, Paul stated that his organization discovered, and later patched, a "backdoor" vulnerability that existed in older Samsung Galaxy devices, including our beloved Galaxy S3s. Only problem is, it's kind of bullshit—but we'll get to that later.
The post detailed a program that runs on the device's radio (baseband + modem), potentially allowing for a backdoor that could read, write, and modify system files on the device's storage from the processor. "We discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system"
The article went on to state that Replicant had found a way to close the backdoor, which required an installation of their open-sourced Android fork. "Our free replacement for that non-free program does not implement this backdoor. If the modem asks to read or write files, Replicant does not cooperate with it."
Hmm...so the fix is to use their software, interesting.
The article and exploit have been effectively debunked, thanks to a tip to XDA from an anonymous security expert. Basically, making this backdoor actually work would "require a modified firmware with with security features disabled".
This means that if you've accepted a firmware update in the last year, which you probably have, then you're safe. In addition to that, our devices now run SELinux (a security module in Linux kernels, ie. Android), which all but closes the door on this type of potential attack.
Replicant is a free, fully open-sourced Android distribution, or fork. As such, they take great strides in building ROMs that are indeed open, from their source code to their apps—so much so that they even substitute Google's proprietary apps with open source alternatives. While it may not be great to the average end user, open source apps have been steadily gaining ground, even if most of us will replace them for the more polished, closed sourced versions. But the one area where open source stalls are with proprietary device drivers, causing headaches to devs trying to port things like Bluetooth and LTE functionality. Groups like CyanogenMod use general workarounds to make everything functional, but that's usually at the cost of stability, since OEMs like Samsung will just about always include proprietary code into basic functions.
A post like the one written by Paul is great in that it points out security flaws, but this case seemed quite self-serving. Not only did they tout their "fix" and their software, but by calling out Samsung, they hoped to make some waves within the consumer community. If we read the post and get angry enough, enraged emails and tweets to Samsung could elicit a response. But more than that, an uproar can cause the OEM to actually release their code, in this case for the modem/processor, which in turn makes forks like Replicants much more stable, since they can infuse the original code from the manufacturer.
But in this case, I wouldn't count on it, or even a response from Samsung. The internet did its job, and we can rest assured that the hit in credibility to Replicant, as well as the Free Software Foundation, will hopefully curb this type of fearmongering sensationalism...hopefully.