Unveiling the Samsung Galaxy back-door

Yesterday, we disclosed our findings about the Samsung Galaxy back-door, an anti-feature found in Samsung Galaxy devices that lets the modem access the files stored on the device. For a complete statement about the issue, you can refer to the article we published at the Free Software Foundation’s website. A technical description of the issue is available on a dedicated page of the Replicant wiki, along with more information regarding the back-door.

The information spread very quickly and we’re glad the press is finding interest in such matters as privacy and unjust control over one’s computing. This demonstrates once again why free software is essential and how a single piece of proprietary software can compromise a whole device.

We have yet to hear from Samsung about this issue, and we are hoping that the reason for the presence of this back-door will be clarified. In that regard, we’d be very glad to work with Samsung in order to make things right, for instance through releasing free software or documentation that would make it easy for community Android versions to get rid of the incriminated blob.

Update: Several sources, including Samsung, claim this is a non-issue. A complementary statement to address these claims was issued at Paul Kocialkowski’s personal blog.

30 thoughts on “Unveiling the Samsung Galaxy back-door”

  1. I believe that the Galaxy S4 in its UMTS version matches every requirement that would let us suspect that the backdoor is present. Currently, community Android versions such as CyanogenMod didn’t show any willingness to solve that issue, so perhaps you should raise the issue with them. Replicant doesn’t support that device currently.

    Samsung-RIL cannot be installed as-is on top of CyanogenMod, because it requires some in-depth changes to the system. A developer might be able to integrate Samsung-RIL in the CyanogenMod source code and build an image with it.

  2. As a non-programmer with no vast knowledge about Linux,
    could you give some easy insight on how to find out if my phone (S4) is affected and how I can patch it?
    I read it already: http://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoor
    but it's not understandable.
    I think that would help a lot of people out.
    And is this: http://redmine.replicant.us/projects/replicant/wiki/Samsung-RIL
    easily installable on CyanogenMod, or installable to non-Replicant ROMs at all?

    Sorry for all these “Noobie-Questions”, but making a solution available for the wide public with no extraordinary skills would be a great gift!

    Thank y'all!

  6. Well, you can find out by looking at the incriminated files as described on the Wiki page! I’m not going to check each model individually, but others can look at them and report what they found :)

  7. I recently donated $500 to the cause, and I’d like to contact Paul to donate more to create a truly open, secure phone with voice crypto and an open RIL (sans backdoors) and watch the network quality such as why voice calls drop out according to the AT command. I see Samsung deliberately commented this out in the logcat.

    I don’t care how old the phone is, if it makes calls we are good to go. I have funds, I need someone to replace the kernel/RIL to strip out the crud to just secure voice.

  9. Thanks a lot for the notification Paul!

    I am wondering if it still would be possible to use the modem to access files if one deletes all specific phone-related software? Meaning, then just using the device with Wi-Fi.

  19. No plan yet. Support for it was introduced in CM 11 and we’re still based off CM 10.1. On top of that, the very big screen resolution might make it hard to make it usable with Replicant.

  20. Someone Ars Technica interviewed added this also affects newer devices like S4. Is Replicant working on a port for the S4?

  21. “Samsung takes the security of its products extremely seriously. We have investigated the claims that have been made and can confirm that there is no security risk. The Free Software Foundation’s recent allegations are based on a false understanding of the software feature that enables communication between the modem and the Application Processor chipset.”

    *Background information
    Unlike AP chipset, Modem chipset is not connected with extra flash memory. To provide seamless network service, Modem setting value is stored in flash memory related to AP chipset in most cases.

  22. Daniel: You’re welcome to evaluate and suggest that target on the targets evaluation part of our forums (if not already there).

  23. I’m concerned about this, my phone has changed different settings and I noticed that the phone turns the speaker on every time I am in a phone call, sometimes twice. I can’t get the GAS to turn on. I have a compass app that hasn’t been right since I bought this Galaxy Note3. I turned the GAS on and went outside to see if it needed calibration and it started vibrating. HELP!

  24. Congratulations on how far you have come… if you have any free time left, we will be glad to welcome you at Multimicro when you come back to Libourne.
    We currently have a problem connecting a USB printer to the network. Jerome Signouret, who moved on to the lycée, is swamped by his new classes and no longer comes. See you soon, perhaps.
