As software security goes, this is amazingly bad. /dev/mem is an operating system interface to let you read/write any RAM on the machine. Naturally, you want that power as restricted as possible, since apps should only be able to interact with their own memory instead of the memory of other apps or the OS itself.
Well, it appears that all of the big-name Samsung Android devices removed all of the write restrictions from that interface, allowing any app to write to any memory on the device.
A few more details:
Originally shared by Arjan van de Ven
This is waaay worse than it sounds.
This was not some unfixed known kernel exploit.
This was a DELIBERATE design decision. Lawyers should have a lot of fun with this.
Oh and by the way... your phone very likely is still vulnerable, there’s no sign of a wide-ranging set of fixes being deployed.
If you haven’t read what the security “hole” was:
These devices have a modified copy of the /dev/mem device driver (but renamed), where the device node has WORLD WRITE permissions.
Not by accident, but deliberately, because that’s how the camera “userspace driver” was supposed to work.
If you wonder why they had to modify the /dev/mem driver... they had to modify/clone the /dev/mem driver, because the normal /dev/mem driver has for some time no longer allowed access to kernel memory, only to device memory... So... someone went and copied the driver, and then removed this restriction... and made the device node world writeable.
That’s seriously inexcusable.
Let's see how long it takes for the long list of devices to get their security fix delivered, since the impact is quite serious.
(Oh and why bother going through the “secure boot” hassle if you make basic moronic design decisions like this)
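A defender-side check for the condition described above, added here as an example and not part of the original post: it walks a /dev tree and reports any character or block device node that is world-writable (outside a small constructed allowlist of nodes that legitimately are), plus any /dev/mem-style node that is writable by group or others. The allowlist, the `MEMORY_DEVICES` names and the sample node name `cloned-mem` are assumptions for illustration; a renamed /dev/mem clone is caught by the world-writable rule regardless of its name.

```python
import os
import stat

# Constructed allowlist: nodes that are normally world-writable on Linux /dev.
ALLOWED_WORLD_WRITABLE = frozenset({
    "null", "zero", "full", "random", "urandom", "tty", "ptmx",
})

# Nodes that expose physical memory / I/O ports; these should stay root-only.
MEMORY_DEVICES = frozenset({"mem", "kmem", "port"})


def classify_node(name, st_mode):
    """Return a finding for one /dev entry, or None if its mode looks sane.

    name    -- basename of the node (e.g. "mem")
    st_mode -- st_mode from os.lstat(), including the file-type bits
    """
    if not (stat.S_ISCHR(st_mode) or stat.S_ISBLK(st_mode)):
        return None                      # regular files, symlinks: not devices
    perms = stat.filemode(st_mode)
    if name in MEMORY_DEVICES and st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        # Even group write on /dev/mem is too permissive for most systems.
        return f"memory device writable beyond owner ({perms})"
    if st_mode & stat.S_IWOTH and name not in ALLOWED_WORLD_WRITABLE:
        # Catches a renamed /dev/mem clone: the name is unknown, the mode is not.
        return f"world-writable device node ({perms})"
    return None


def audit_dev(dev_dir="/dev"):
    """Walk dev_dir and return 'path: finding' strings for suspicious nodes."""
    findings = []
    for root, _dirs, files in os.walk(dev_dir):
        for fn in files:
            path = os.path.join(root, fn)
            try:
                st = os.lstat(path)      # lstat: do not follow symlinks
            except OSError:
                continue                 # node vanished or is unreadable
            finding = classify_node(fn, st.st_mode)
            if finding:
                findings.append(f"{path}: {finding}")
    return findings


if __name__ == "__main__":
    for line in audit_dev():
        print(line)
```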