Android operating system may be open source, but the version of Android that runs on most phones, tablets, and other devices includes proprietary, closed-source components.
Phone makers, including Samsung ships its Smartphones with a modified version of Android, with some pre-installed proprietary software and because of lack in independent code review of those closed-source apps, it is complex to authenticate its integrity and to identify the existence of backdoors.
Paul Kocialkowski, the developers of the Replicant OS has uncovered a backdoor pre-installed on Samsung Galaxy devices and the Nexus S, that provides remote access to all the data in the device.
Replicant OS is an open source operating system based on the Android mobile platform, which aims to replace all proprietary Android components with their free software counterparts.
In a blog post, He explained that Samrtphones come with two separate processors, one for general-purpose applications processor that runs Android OS and the other one known as the Modem, responsible for communications with the mobile telephony network.
The Researcher found that a Samsung's IPC protocol runs in the background, which is bound to the communications processor, and allows the modem to remotely read, write, and delete files on the user's phone storage. Samsung IPC protocol, implements a class of requests, known as RFS commands, that allows the modem to perform remote I/O operations on the phone’s storage.
"The spying can involve activating the device's microphone, but it could also use the precise GPS location of the device and access the camera, as well as the user data stored on the phone. Moreover, modems are connected most of the time to the operator's network, making the backdoor nearly always accessible."
This backdoor might have been placed there accidently, but remote ability of modifications to the user’s personal data without user knowledge poses a serious threat.
"It is possible to build a device that isolates the modem from the rest of the phone, so it can't mess with the main processor or access other components such as the camera or the GPS."
"The incriminated RFS messages of the Samsung IPC protocol were not found to have any particular legitimacy nor relevant use-case. However, it is possible that these were added for legitimate purposes, without the intent of doing harm by providing a backdoor." he said.
"However, some RFS messages of the Samsung IPC protocol are legitimate (IPC_RFS_NV_READ_ITEM and IPC_RFS_NV_WRITE_ITEM) as they target a very precise file, known as the modem's NV data." he added.
The researcher identified multiple Samsung devices affected by this vulnerability, including; Nexus S, Galaxy S, Galaxy S2, Galaxy Note, Galaxy Tab 2, Galaxy S 3, and Galaxy Note 2.