A huge security hole has been found in the Galaxy S 3′s stock firmware which allows for privilege escalation (the application getting access to more than what the user allowed) and it’s all down to the “Kies” application on the device. But have no fear, the system has been fixed!
The system works by exploiting some of the communication systems which is part of Android and what Kies uses, and tells it to “restore” the device using an external application which is actually a fake or malicious application which now has more permissions than the original one.
However, the exploit actually uses no permissions in total, so it needs to have some form of access to external storage and it does this by using an app called “ClipboardSaveService” which is pre-installed.
That allows for an application to move and copy files around the system, which is quite dangerous considering no permission at all is required at all.
If you want to see how this works, the exploiter put a video up on YouTube:
However, the good news is Samsung fixed the hole in under 10 hours as confirmed by the exploiter:
Well done samsung, kies_receiver is now protected by android.permission.KIES_BNR. Patch in less than 10hours.
— André Moulu (@andremoulu) August 1, 2012
And the great thing about Android is how easy it was to fix (mainly a file called AndroidManifest.xml to protect it)
If you wish to look at more behind the exploit, go to the article page.