A new report filed by the developer of the Replicant ROM, which is a third party custom firmware for Android smartphones and tablets suggests that there is a major security flaw within certain Samsung devices. While it is entirely possible that notifying people of this potential security flaw could just be a move to get more people interested in downloading and installing the Replicant ROM itself, it’s highly unlikely and what purpose would it serve since the ROM is completely free? With that said, the devices that Paul Kocialkowski(the developer of Replicant ROM)mentions are included are the Samsung Nexus S, Samsung Galaxy S, Samsung Galaxy S2, Samsung Galaxy Note, Samsung Galaxy Nexus, Samsung Galaxy Tab2, Samsung Galaxy S3, and Samsung Galaxy Note 2.
The flaw in question comes down to specific line that Kocialkowski says he found within a proprietary Samsung part of the Android code that gives read/write/delete access to the baseband modems within those devices listed above, allowing them to read, write, and delete files on the device storage. He mentions that this line of code has nothing to do with the Google code itself within Android, and is part of the Samsung code specifically. What makes this alleged security flaw even worse is that the user seemingly has no idea this is even happening, making it impossible to stop the process once it has started.
Kocialkowski goes on to explain that they have found and closed this specific backdoor process that could be a major issue and allow a potential field day for hackers, and users that own one of those devices listed with the proprietary line of code can install Replicant ROM to get rid of the problem. He also mentions that Replicant doesn’t cooperate with backdoors but it also has no way of stopping the modem from rewriting any software if the modem is able to take control of the main processor. This sounds like it could be especially troubling to those who use these specific Samsung devices, but it doesn’t mean you’re absolutely required to install any sort of custom ROM. With Samsung’s big push on security as of late, they will be probably be working on something to address this problem from their own end in due time. Hopefully sooner than later.