Developers on the Replicant project (Replicant is a fully free distribution of Android OS) have discovered that several models of the Samsung Galaxy device contain a backdoor implemented by the proprietary program running on the modem’s applications processor. The backdoor provides remote access to phone data on Galaxy devices and it can gain sufficient rights to access and modify user data on the phone. Several devices on the Samsung Galaxy line ship with this backdoor making it possible to mess with other components of the phone including camera and GPS.
A blog post on the FSF describes the issue:
Today’s phones come with two separate processors: one is a general-purpose applications processor that runs the main operating system, e.g. Android; the other, known as the modem, baseband, or radio, is in charge of communications with the mobile telephony network. This processor always runs a proprietary operating system, and these systems are known to have backdoors that make it possible to remotely convert the modem into a remote spying device. The spying can involve activating the device’s microphone, but it could also use the precise GPS location of the device and access the camera, as well as the user data stored on the phone. Moreover, modems are connected most of the time to the operator’s network, making the backdoors nearly always accessible.
While working on Replicant, a fully free/libre version of Android, we discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system. This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write, and delete files on the phone’s storage. On several phone models, this program runs with sufficient rights to access and modify the user’s personal data.
Through public disclosure of this security issue, the FSF hopes to encourage Samsung Galaxy owners to appeal publicly to SamsungMobile who should promptly address this issue. A technical description of the backdoor is given here