Yesterday, we disclosed our findings about the Samsung Galaxy back-door, an anti-feature found in Samsung Galaxy devices that lets the modem access the files stored on the device. For a complete statement about the issue, you can refer to the article we published at the Free Software Foundation’s website. A technical description of the issue is available on a dedicated page of the Replicant wiki, along with more information regarding the back-door.
The information spread very quickly, and we’re glad the press is taking an interest in matters such as privacy and unjust control over one’s computing. This demonstrates once again why free software is essential and how a single piece of proprietary software can compromise a whole device.
We have yet to hear from Samsung about this issue, and we hope that the reason for the presence of this back-door will be clarified. In that regard, we’d be very glad to work with Samsung to make things right, for instance through the release of free software or documentation that would make it easy for community Android versions to get rid of the incriminated blob.
Update: Several sources, including Samsung, claim this is a non-issue. A complementary statement to address these claims was issued on Paul Kocialkowski’s personal blog.
I believe that the Galaxy S4 in its UMTS version matches every requirement that would let us suspect that the backdoor is present. Currently, community Android versions such as CyanogenMod have not shown any willingness to solve that issue, so perhaps you should raise the issue with them. Replicant doesn’t support that device currently.
Samsung-RIL cannot be installed as-is on top of CyanogenMod, because it requires some in-depth changes to the system. A developer might be able to integrate Samsung-RIL in the CyanogenMod source code and build an image with it.
As a non-programmer with no vast knowledge about Linux, could you give some easy insight on how to find out if my phone (S4) is affected and how I can patch it?
I read it already: http://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoor
but it's not understandable.
I think that would help a lot of people out.
And is this: http://redmine.replicant.us/projects/replicant/wiki/Samsung-RIL
easily installable on CyanogenMod, or installable to non-Replicant ROMs at all?
Sorry for all these “Noobie-Questions”, but making a solution available for the wide public with no extraordinary skills would be a great gift!
Thank y'all!
Wi-Fi-only tablets do not have a modem, hence they are not subject to the issue described in this article!
Does a Samsung Galaxy Tab with only Wi-Fi, without 3G, have baseband software on it?
Thank you all.
M.
Well, you can find out by looking at the incriminated files as described on the Wiki page! I’m not going to check each model individually, but others can look at them and report what they found :)
What about the Samsung S4 Active?
Wow that’s so generous of you! Feel free to contact me using the address provided at: http://redmine.replicant.us/projects/replicant/wiki/People
I’ll be very glad to discuss all this with you (you might want to make that conversation public by using our mailing list, too), though I’m afraid voice crypto is impossible, except if you use XMPP over 3G.
I recently donated $500 to the cause, and I’d like to contact Paul to donate more to create a truly open, secure phone with voice crypto and an open RIL (sans backdoors) and watch the network quality such as why voice calls drop out according to the AT command. I see Samsung deliberately commented this out in the logcat.
I don’t care how old the phone is, if it makes calls we are good to go. I have funds, I need someone to replace the kernel/RIL to strip out the crud to just secure voice.
If you remove the proprietary RIL from the system, you should be fine!
Thanks a lot for the notification Paul!
I am wondering if it would still be possible to use the modem to access files if one deletes all specific phone-related software? Meaning, then just using the device with Wi-Fi.
No plan yet. Support for it was introduced in CM 11 and we’re still based off CM 10.1. On top of that, the very big screen resolution might make it hard to make it usable with Replicant.
Someone Ars Technica interviewed added that this also affects newer devices like the S4. Is Replicant working on a port for the S4?
“Samsung takes the security of its products extremely seriously. We have investigated the claims that have been made and can confirm that there is no security risk. The Free Software Foundation’s recent allegations are based on a false understanding of the software feature that enables communication between the modem and the Application Processor chipset.”
*Background information
Unlike AP chipset, Modem chipset is not connected with extra flash memory. To provide seamless network service, Modem setting value is stored in flash memory related to AP chipset in most cases.
Daniel: You’re welcome to evaluate and suggest that target on the targets evaluation part of our forums (if not already there).
What about the note 3?
I’m concerned about this, my phone has changed different settings and I noticed that the phone turns the speaker on every time I am in a phone call, sometimes twice. I can’t get the GAS to turn on. I have a compass app that hasn’t been right since I bought this Galaxy Note3. I turned the GAS on and went outside to see if it needed calibration and it started vibrating. HELP!
Congratulations on how far you have come… if you have any free time left, we will gladly welcome you at Multimicro when you come back to Libourne.
We currently have a problem connecting a USB printer to the network. Jerome Signouret, who has moved on to the lycée, is swamped with his new classes and no longer comes by. See you soon, perhaps.