March 21, 2013
All of the vulnerabilities can be exploited without privilege and, according to Paleari, stem from “Samsung-specific software and customizations.” Paleari said two of the vulnerabilities can be used to silently install highly privileged applications without user interaction while another allows attackers to send SMS messages without permission.
Paleari said he informed Samsung in mid-January shortly after he found the bugs and still hasn’t heard from the South Korean company about a fix. Instead, Paleari writes that Samsung did contact him on Feb. 20 and requested he delay public disclosure, insisting that “any patches [Samsung] develops must first be approved by the network carriers.”
This system is completely broken.
Written by Weiran Zhang who lives and works in Nottingham. You should follow him on Twitter.