Poking Holes In Samsung's Android Security

timothy posted about a year and a half ago | from the ethical-hacking dept.

Android 107

Orome1 writes "Tired of waiting for Samsung to fix a string of critical flaws in their smartphones running Android, Italian security researcher Roberto Paleari has decided to inform the public about the seriousness of the matter and maybe make the company pick up the pace. Mindful of the danger that the vulnerabilities present to the users if they are exploited by malicious individuals, he decided not to share any technical details, but to just give a broad overview of what their misuse would allow. This includes a silent installation of highly-privileged applications with no user interaction and an app performing almost any action on the victim's phone."

107 comments

Learn from the past (2)

SirJorgelOfBorgel (897488) | about a year and a half ago | (#43233669)

The Exynos memory bug (often referred to as ExynosAbuse exploit) was released publicly and fixed rather quickly. This seems to be the way for Samsung - responsible disclosure just doesn't work with them. This has been proven time and again.

Re:Learn from the past (5, Informative)

SirJorgelOfBorgel (897488) | about a year and a half ago | (#43233695)

After some further investigation, it seems all these exploits are fixed in the latest 4.2 leaked firmware for the SGS3, so ... they're actually fixed, just maybe not rolled out yet.

Re:Learn from the past (0)

noh8rz10 (2716597) | about a year and a half ago | (#43234017)

I'm glad somebody is calling attention to this. I love my HTC, but my work doesn't allow Android BYOD for this exact reason. Anybody else encounter this mindset?

Re:Learn from the past (1)

Krojack (575051) | about a year and a half ago | (#43234161)

So you're allowed to use a company supplied Android phone or they just don't allow Android at all?

Re:Learn from the past (1)

noh8rz10 (2716597) | about a year and a half ago | (#43234501)

No company phones (too cheap), but you can byod iPhone or bby. It is what it is.

Re:Learn from the past (1)

rjr162 (69736) | about a year and a half ago | (#43236117)

and a Jailbroken iPhone which has apps installed from say Cydia which may also provide ways for people to get in or apps to do what they shouldn't do?

My question is if this exploit works with the Allow 3rd party APKs to be installed disabled (like what's on by default on the Samsung phones)

Re:Learn from the past (0)

Anonymous Coward | about a year and a half ago | (#43239069)

We've had byod for a few years and about to roll out Mobile Iron to address some of these concerns. JB iPhones will no longer be allowed. Some Samsung phones will still require Touchdown. And Windows Phone 7/8 don't meet our security requirements even with MI.

Re:Learn from the past (1)

Krojack (575051) | about a year and a half ago | (#43239347)

So do iPhones get random surprise inspections? What's to stop someone from jailbreaking it after getting approved to use it at work? Sounds like that company will need its own cell phone police dept.

Re:Learn from the past (5, Insightful)

Andy Dodd (701) | about a year and a half ago | (#43234183)

Yup. And look at the eMMC "Superbrick" defect on many of the GS2 family. Many of those devices had a defect in the eMMC wear leveller such that the chip could be unrecoverably corrupted if you issued a secure erase command to the chip. (Probably about a 5% chance of it happening, it's similar if not identical to the defect that hit some of their desktop SSDs in late 2012). Not even JTAG could bring a "Superbricked" device back to life.

After discovery of exynos-abuse, the only thing standing between Samsung and permanent damage to thousands of devices was the fact that modern blackhats care more about obtaining information (money) than doing damage. Samsung knew about this bug for many months - they were aware of the defect in the eMMC chips as early as Galaxy Nexus prototype development in 2011. Yet they released updates for devices in 2012 with kernels that allowed secure erase through to the eMMC chip. The only safe device was the I9100 - which had MMC_CAP_ERASE removed from the kernel to protect the chip. In June 2012, Samsung publicly acknowledged the bug and claimed to be "working hard" on it - in July 2012 they released updates for the I9100 that turned the MMC_CAP_ERASE flag ON, putting those devices in danger.

They had an official fix that blocked only secure erase merged into the mainline Linux kernel in September 2012, but not a single affected device had the fix deployed until 2013. Their "stuff takes time to get through carrier testing" line is bullshit. Sprint FI27 was *built* (as in, testing STARTED not ended) on September 27, 2012 (nearly a month after the official fix had been mainlined), and deployed to customers in early-mid October.

As to the I9100 XWLPM MMC_CAP_ERASE fiasco, Samsung's answer was that the lack of MMC_CAP_ERASE in earlier source code was a mistake and that the source code did not match binaries running on devices (yes, that's right, Samsung's defense was "yeah bitches, we violated the GPL"). The strange thing is, this was one of the cases where Samsung's source actually DID match binaries - not a single I9100 ICS kernel prior to XWLPM and XXLQ5 had MMC_CAP_ERASE turned on. (This was obvious by the fact that no one experienced "Superbrick" on such devices.)

Samsung's stance was that it was an "open source" problem, but the fact is, with a privilege escalation exploit, any malware could permanently destroy many of Samsung's devices to the point where a motherboard replacement (instead of mere JTAG) was required.

In short, Samsung's "SAFE" marketing crap is bullshit. "Samsung Approved for Enterprise" - who did the approval? Samsung! Hardly an independent certification authority.

Re:Learn from the past (0)

Anonymous Coward | about a year and a half ago | (#43234427)

In short, Samsung's "SAFE" marketing crap is bullshit. "Samsung Approved for Enterprise" - who did the approval? Samsung! Hardly an independent certification authority.

Yeah, but the acronym fits. As anyone who follows the laws that the US Congress passes knows, the cutesy acronym is the important thing.

Re:Learn from the past (1)

AmiMoJo (196126) | about a year and a half ago | (#43240553)

You forgot to mention that you need root to issue this command. It's like suddenly panicking because root can overwrite the BIOS or use the ATA password feature to brick your HDD.

Re:Learn from the past (1)

koshatul (198070) | about a year and a half ago | (#43242129)

The exynos exploit allowed any application direct write access to all memory (essentially they can become root).

It was pretty serious and they did take their time fixing it. Still I prefer my Android to an iPhone.
There were third-party fixes for the exynos exploit as well, but a user shouldn't be expected to know that.

Re:Learn from the past (0)

Anonymous Coward | about a year ago | (#43244749)

You totally did not because thankfully there was a trivial privilege escalation on most of those devices.

Kudos kind weaboo sir! You're fighting the good fight for Sammy and Google as an apologist. Those Apple apologists have rubbed off on the ad network fanboys.

Re:Learn from the past (1)

fermion (181285) | about a year and a half ago | (#43236041)

This has been going on long before the smart phone, or even when it was common for people to have mobile phones.

The only way to prove, and the only thing to do when a developer refuses to fix a bug, is to put the exploit in the wild. This is the only way to prove the exploit actually works in the real world. Until this happens the developer can just say it is a theoretical problem with no practical route to success, and as such does not warrant the resources necessary. Once the exploit is wild, however, they can no longer say this.

I am not saying that when someone finds an exploit a tool should be released to showcase that exploit, just that it has been known for developers to sit on a bug until someone actually started annoying end users with it.

All This, Yet... (1)

Anonymous Coward | about a year and a half ago | (#43233735)

I still can't use my phone as a WiFi access point without paying an additional $10-$20 per month.

On the other hand, I doubt that the rhinestone case crowd will care about this much/at all.

Carriers can still detect tethering (3, Informative)

tepples (727027) | about a year and a half ago | (#43234087)

Anonymous Coward wrote:

I still can't use my phone as a WiFi access point without paying an additional $10-$20 per month.

That's an ISP problem more than an Android problem. During this transition from 2G to 3G to 4G-lite,* wireless carriers rely on subscribers not using all their monthly megabytes, and subscribers who use multiple devices on one plan tend to use more megabytes per month than subscribers who do not. Even a phone that obeys its owner (that is, one with a custom ROM) can't hide tethering-like behavior unless you run everything through a VPN. Carriers are reported to use traffic to Internet sites that host desktop OS updates, antivirus updates, and desktop application updates as evidence of tethering. By the time you've paid extra for a higher cap and paid extra for a VPN so that the ISP doesn't see what you're visiting, you might as well have paid for the tethering rider.

* "Lite" because LTE isn't really 4G.

Re:Carriers can still detect tethering (0)

Anonymous Coward | about a year and a half ago | (#43234181)

I've gotten a Tethering Not Permitted message a couple of times on my rooted Galaxy Note on AT&T's network, but it works 99+% of the time.

It may be due to the reasons you state. All the devices I tether are also running Android, so I'm never loading anything desktop-pc related.

Re:Carriers can still detect tethering (0)

Anonymous Coward | about a year and a half ago | (#43234235)

"That's an ISP problem more than an Android problem."
That makes it sound like it is in some part an Android problem. Just to be clear, Android natively fully supports tethering, and has done for ages, and it is entirely down to your service provider if you have to pay extra to enable tethering on your handset.

Re:Carriers can still detect tethering (1)

TyIzaeL (1203354) | about a year and a half ago | (#43237953)

I get by by running a VPN server at my house and then connecting to that while I'm on the go.

Re:Carriers can still detect tethering (1)

tepples (727027) | about a year and a half ago | (#43238079)

server at my house

For one thing, running a server at your house requires that your home ISP's terms of service allow running a server accessible from the public Internet. A lot of ISPs don't allow those on home SLAs. For another, when you bounce off a VPN at home, you're still transferring a larger volume of data per month when you tether than when you don't. How did you manage to work through those issues?

Re:Carriers can still detect tethering (0)

Anonymous Coward | about a year ago | (#43242617)

What's your point?

The cost of avoidance (1)

tepples (727027) | about a year ago | (#43246083)

My point is that every way I've seen of avoiding the tethering fee has noticeable drawbacks in cost, TOS, or complexity, and the cost of avoidance could approach the tethering fee itself.

Re:All This, Yet... (1)

Krojack (575051) | about a year and a half ago | (#43234205)

If you're still on Verizon unlimited then this is the case (unless you root). If you're on a 2 or 4 gig then you should raise hell and threaten to contact the FCC.

In other news... (0, Troll)

AmiMoJo (196126) | about a year and a half ago | (#43233745)

I have decided to warn users about a string of critical security flaws in Apple products. They allow an attacker to 0wn your pets, borrow your car one day a week and other terrible things. In the interests of safety I'm not going to detail them in any way or provide any evidence of their existence, just warn you. Take my word for it, they exist and I am in no way trolling Apple fans.

Re:In other news... (1)

tlhIngan (30335) | about a year and a half ago | (#43235313)

I have decided to warn users about a string of critical security flaws in Apple products. They allow an attacker to 0wn your pets, borrow your car one day a week and other terrible things. In the interests of safety I'm not going to detail them in any way or provide any evidence of their existence, just warn you. Take my word for it, they exist and I am in no way trolling Apple fans.

Apple's released 3 updates to iOS 6 already in the span of a month or so... and supposedly even the passcode bug isn't completely fixed as people have found a new one.

Anyhow, with Samsung phones, the only one you buy is the flagship model as that one will get the most software updates. Forget the free phones or crap-droids. Alas, it also means obscenely large hands if you want to use a SGS4 single handedly. (Why... why can't I find a phone with a 4.5" or smaller screen, a top end processor and GPU, high res, lots of memory and software updates? Why do I have to settle for ever larger screens? Is it no longer possible to have a usable flagship phone without needing to toss in a 55" screen and the kitchen sink?)

Re:In other news... (1)

3.5 stripes (578410) | about a year and a half ago | (#43236893)

Look at some of the smaller names in phones, the blu phones are decently priced, use unmodified android, have decent specs too.

Samsung image tarnished with Android (4, Interesting)

Silentknyght (1042778) | about a year and a half ago | (#43233755)

Say what you will about Apple & the iPhone, but I appreciate the tight integration of OS & hardware and their desire to provide a consistent & reliable user experience. I own and use a (Sprint) Samsung Galaxy S2 Epic 4G Touch, and it was a series of broken promises on ever getting ICS. When finally rolled out, it wasn't the true android experience, but some half-baked Samsung-proprietary interface aka "Touchwiz." Great, that wasn't what I was sold when I purchased the device. I want android, not Samsung's half-baked, bug-filled, garbage-software-filled version of it.

Eventually, I rooted and installed JB, because Samsung sure as heck wasn't going to do that. And then, as you venture deeper into the rooting environment, you find out a bunch of hardware/software issues directly caused by Samsung, including but not limited to the EMMC super-brick bug. These security issues in TFA are just more of the same. For me, their handling of their android phones and my experience with them has tarnished their image across their entire product fleet. Will I buy a Samsung brand washer/dryer? There's a lot of digital tech in even washing/drying machines nowadays. Before this, their name wasn't an issue. Now, maybe I consider some other brand.

Already tarnished for me (1, Offtopic)

Anonymous Codger (96717) | about a year and a half ago | (#43233789)

I swore off Samsung a few years ago when the 2.5 year old HDTV I had paid $1400 for died, and they wanted as much to repair it as a new TV would cost. Their products are shoddily made, and they don't stand behind them. They could produce the snazziest Jesus phone on the market and I wouldn't touch it with a ten foot poleaxe.

Re:Already tarnished for me (1)

virgnarus (1949790) | about a year and a half ago | (#43233925)

Given your animosity, I say you would want to touch it with a ten foot poleaxe.

Re:Already tarnished for me (1)

alen (225700) | about a year and a half ago | (#43234005)

are you one of these crazy old people who still repairs stuff?

always cheaper to buy new these days. and a lot of times you can buy a better TV or whatever for the price to repair or replace

Re:Already tarnished for me (2)

Nerdfest (867930) | about a year and a half ago | (#43234103)

It's currently the trend to throw things out and replace them but it's not particularly environmentally responsible.

Re:Already tarnished for me (1)

exomondo (1725132) | about a year ago | (#43242671)

It's currently the trend to throw things out and replace them but it's not particularly environmentally responsible.

And repair isn't economically viable, so make your choice.

Re:Already tarnished for me (1)

Nerdfest (867930) | about a year ago | (#43242759)

If I ran the world (and I really think I should), I would make manufacturers responsible for environmentally responsible disposal of their products, making it more worthwhile to repair things.

Re:Already tarnished for me (4, Interesting)

Waffle Iron (339739) | about a year and a half ago | (#43234323)

are you one of these crazy old people who still repairs stuff?

I am. I have a ~7 year old Samsung 1600x1200 monitor that still looks nice. I like this form factor, and it's hard to get in these days of HDTV LCDs. Unfortunately, Samsung was known for using shoddy capacitors in that time period, and a few years ago my monitor started blacking out shortly after power up.

I found a video on YouTube where they showed how to fix my exact model, and I fixed mine with $5 of new caps. Now it's still going strong.

Re:Already tarnished for me (4, Informative)

TheGratefulNet (143330) | about a year and a half ago | (#43234701)

it would be hard to find someone who does NOT use cheap 'china caps' inside instead of proper panasonic (japan) or nichicon or any of the other *reliable* electrolytic makers.

badcaps.net is informative for those that have not heard of this 15+ yr old problem in the parts industry. worldwide! china fucked the world on this and we're still paying with blown caps on nearly everything that uses them.

buy the parts from known places (digikey, mouser, newark, jameco, etc) and you'll get guaranteed real parts, not fakes. even the vendors who build boards tend to use fake caps (bad formula) and they last about a year before they fail.

Re:Already tarnished for me (1)

Anonymous Coward | about a year and a half ago | (#43239569)

This is mixing the circa 2000 bad cap plague with the circa 2007 problem. The difference doesn't summarize easily, but for the interested there's a pretty reasonable attempt at wikipedia.
http://en.wikipedia.org/wiki/Capacitor_plague

Both have some overlap with, but are not the same thing as, the problem of fake parts. These days automated x-ray machines that run through your reels of components looking for fakes are pretty common. Things are bad. Digi-mouser et al do try hard and are good about returns, but their "guarantee" is a practical one you'll have to use occasionally, not a "guarantee" it'll never happen.

FWIW, one chap I know in high end electronics said years ago they gave up -- it doesn't matter who you buy from. At some level fabrication is Chinese, and the parts just don't hold to data sheet specs any more. Their solution is complete testing of each new bulk shipment to discover the real data specs the components work at, then they design the circuits to fit. Suppliers of commodity electronics have different solutions as they can accept a higher failure/substandard-performance rate.

Ugly mess, all of it.

Re:Already tarnished for me (0)

Anonymous Coward | about a year and a half ago | (#43242305)

My Samsung TV had the capacitor problem, which I fixed. It also had the power supply problem, which Samsung fixed under warranty, but not until the TV had been with them for a month and I had demanded it be fixed and returned or a new equivalent provided at no charge. Finally, a month outside warranty the panel died (a flexible PCB style connection went intermittent). I sold it for parts on eBay for $35. It cost $1500 three years earlier.

I have a Samsung refrigerator with an ice maker. Works great for cubed ice, but if set to crushed ice it includes portions of itself in the ice. Bits of plastic that look like fingernail clippings. Delightful. But the worst bit is that the fridge fan freezes every couple of months, requiring I pull it apart and remove all the ice. After a dozen times or so of this the foam seals are stuffed. In short, the fridge is a steaming pile I will replace as soon as possible. It cost $1800 four years ago.

Samsung make equipment that usually works very well for a while, often just about the warranty period. Once it breaks Samsung simply refuse to stand by their products. Their LCD TV warranty period was reduced from three years to one year a couple of years ago. That alone speaks volumes. No more Samsung for me.

Re:Already tarnished for me (1)

Trogre (513942) | about a year and a half ago | (#43242039)

Are you one of those thoughtless young people who throws stuff away when it no longer satisfies your whims?

Re:Already tarnished for me (1, Flamebait)

rasmusbr (2186518) | about a year and a half ago | (#43234019)

I swore off Samsung a few years ago when the 2.5 year old HDTV I had paid $1400 for died, and they wanted as much to repair it as a new TV would cost. Their products are shoddily made, and they don't stand behind them. They could produce the snazziest Jesus phone on the market and I wouldn't touch it with a ten foot poleaxe.

True, but much of the same could be said about Apple.

IIRC Apple's 30" $3000+ monitor shipped with a 1 year warranty (seriously?!). Apple has also, going on for years and years, routinely offered customers to pay extra upfront for warranty/insurance beyond the first year in markets where the law says you have to have more than 1 year of warranty on electronics.

Apple Jesus is a bit like Catholic Jesus. They know you'll come back even if you occasionally a**rape some of them...

Re:Already tarnished for me (3, Insightful)

the_B0fh (208483) | about a year and a half ago | (#43237165)

Funny how in a thread about Samsung, someone must come out and say "but Apple also sucks" like this then makes it all better.

And comparing Apple to rape is a bit much, isn't it?

And all the idiot moderators that modded this interesting, WTF are you smoking?

Re:Already tarnished for me (1)

rasmusbr (2186518) | about a year and a half ago | (#43237607)

Okay, I have to say in retrospect I am sorry if anyone who's actually been the victim of or otherwise afflicted by rape read my comment and felt that it diminished their suffering.

The thing is though, any discussion about the merits and flaws of one company's offering is always going to become about that and its competition and Apple is a company that should expect harsh criticism, not so much for its practices in the west, but for the repeated allegations that it has been looking aside from what's happening in its factories in China. (The same criticism probably applies to many other brands as well.)

Re:Already tarnished for me (2)

the_B0fh (208483) | about a year and a half ago | (#43241983)

Then perhaps you should educate yourself first before making allegations that are untrue? Apple has raised working conditions at their factories far above most others.

You can do a simple google search and find articles and interviews where factory workers are bitching about not being able to work overtime - a lot of them work for 3-4 years, and take their savings back to their village and can start their own small business, buy a home, and get married.

Just a comparison - in China, an Apple factory worker makes $350 to $700/month. A computer programmer makes $350/month. A pilot makes $500 to $700/month. Let me repeat that - an unskilled factory worker makes as much as a college educated programmer, or a professional pilot. And you think this sucks for the factory worker how?

As for suicides, these are campus towns. When you have 100,000 people working there, it's larger than a college university. The suicide rates for an average city of 100k people is far above the suicide rates at a 100k people Apple factory/town. Are you under some kind of assumption that in 100k people, there will be zero suicides?

Feel free to use Google and update your knowledge base, so that the next time you want to attack Apple, at least you'd be basing it on facts.

Re:Already tarnished for me (1)

rasmusbr (2186518) | about a year and a half ago | (#43242463)

Well, my understanding is that the working conditions have improved from outright dangerous to merely bad, which is par for the course in poor countries (and arguably better than subsistence agriculture) but certainly not something to be proud of for a market leading company with a profit margin above 20%.

Where did you find the salary figures? I guess $700 would be about median wage in China, which would be fantastic for a manual worker, but I doubt anyone who works at the factory floor actually makes anywhere close to that. This article [dailymail.co.uk] from January of this year claims that the entry level wage in one factory is £180, or about $275.

How much would it hurt Apple's bottom line to increase gross wages by $100 per worker overnight (in addition to planned wage increases)? Well, Apple has less than a million workers in China, so it would be less than $1.2 billion a year which would bring Apple's profit margin down by one or two percent. Apple does not think that it's worth it, but they might reconsider if they continue to get criticism.

Suicides are typically caused by things like depression, drug addiction, personal loss, unemployment, violence, persecution and other severe life crises. The suicide rate for all causes in China is about 20 per 100,000 people. I think working conditions or living conditions would have to be pretty damned poor for them to be the primary motive behind several suicides in a town of 100,000.

It's nice that things are improving. Who knows, if Apple keeps getting angry criticism, especially from their customers, they may get the working conditions up to where they'll be able to remove the suicide nets.

Re:Already tarnished for me (1)

the_B0fh (208483) | about a year ago | (#43246963)

Why should Apple pay more for a worker to insert a chip into a motherboard, when every other company already pays substantially less than Apple?

Re:Already tarnished for me (1)

mk1004 (2488060) | about a year and a half ago | (#43234145)

Repair it yourself. I fixed an off brand HDTV's power supply awhile back. Repaired, not replaced. Took a few hours, including driving to get some replacement components. The cost of gas was more than the parts. If you repair it yourself, maybe you'll appreciate how long it takes to fix electronic equipment today. Even ignoring the cost of replacement assemblies, a few hours of labor charges and you will have paid for a brand new TV. This issue is not limited to Samsung either.

Re:Already tarnished for me (3, Informative)

Krojack (575051) | about a year and a half ago | (#43234305)

I had problems start with my Samsung TV. It would take 10 minutes to turn on. Just sit there clicking on, off, on, off. I called Samsung and it was a known problem. They contacted a local repair shop and had the shop come out to my house and fix it THAT NIGHT. Zero cost to me.

Re:Already tarnished for me (2)

CCarrot (1562079) | about a year and a half ago | (#43236099)

I had problems start with my Samsung TV. It would take 10 minutes to turn on. Just sit there clicking on, off, on, off. I called Samsung and it was a known problem. They contacted a local repair shop and had the shop come out to my house and fix it THAT NIGHT. Zero cost to me.

Ditto for our 5 year old (at the time) 52" Samsung LCD TV. It wasn't quite the next day, but definitely within a week of us calling them they had a local contractor come by, and he fixed it right in our living room in about an hour, soldering and all. No bill for us, because it was a known capacitor issue, and it's worked great ever since.

That's a big part of why our new 65" LED is also a Samsung :o)

Re:Already tarnished for me (1)

rsborg (111459) | about a year and a half ago | (#43238663)

I had problems start with my Samsung TV. It would take 10 minutes to turn on. Just sit there clicking on, off, on, off. I called Samsung and it was a known problem. They contacted a local repair shop and had the shop come out to my house and fix it THAT NIGHT. Zero cost to me.

Similar problems with my Samsung monitor - it has serious issues switching between input sources (HDMI, D-SUB) and sometimes would get confused to where it required a shutoff and cooldown for a few min before reuse - a major pain switching between my work and home laptops which use different sources respectively.

Re:Already tarnished for me (1)

interkin3tic (1469267) | about a year and a half ago | (#43234373)

Is there a company out there that charges you reasonable prices for repair on consumer electronics? Not to excuse Samsung, just saying if I swore off all brands that tried to keep you tossing out slightly broken electronics, I feel like I'd have to go Amish.

Re:Already tarnished for me (2)

David_Hart (1184661) | about a year and a half ago | (#43234605)

I swore off Samsung a few years ago when the 2.5 year old HDTV I had paid $1400 for died, and they wanted as much to repair it as a new TV would cost. Their products are shoddily made, and they don't stand behind them. They could produce the snazziest Jesus phone on the market and I wouldn't touch it with a ten foot poleaxe.

I agree that a TV should not fail after 2.5 years but Samsung's warranty on TVs is for 1 year, similar to all other manufacturers. Name me one TV manufacturer that would fix a 2.5 year old TV for free? You do realize that TVs are deliberately built to last 3 to 5 years? and that it has cost more to repair a TV than buying a new one for the last 10 years or more? and you blame Samsung because you gambled on the manufacturer's warranty and lost?

The warranty period on all electronics has been reduced to save money and cost. It's one of the reason why SquareTrade has been doing so well. Now, when I buy an expensive piece of electronics (i.e. over $1000) I also buy a SquareTrade extended warranty so that it's covered for at least 3 years. I haven't had to use their services yet, so I cannot comment on SquareTrade's customer service. However, they do have good reviews on Amazon, etc.

The point is that you, as a consumer, are expected to understand the warranty period. If you feel that the warranty period is too short for your investment, then there are options on the market to extend the warranty. Personally, I think that all manufacturers should be forced to support their products for 3 years (I think the EU has this?) but that just isn't the case in the US/Canada.

Re:Already tarnished for me (2)

GreatDrok (684119) | about a year and a half ago | (#43237909)

"I agree that a TV should not fail after 2.5 years but Samsung's warranty on TVs is for 1 year, similar to all other manufacturers. Name me one TV manufacturer that would fix a 2.5 year old TV for free? You do realize that TVs are deliberately built to last 3 to 5 years? and that it has cost more to repair a TV than buying a new one for the last 10 years or more? and you blame Samsung because you gambled on the manufacturer's warranty and lost?"

In New Zealand, we have a little law called "The Consumer Guarantees Act" which means that even if a manufacturer only puts a 1 year guarantee on a TV, it is expected to last a fair and reasonable time for a device costing upwards of $1000 and that means (in the eyes of the law) ten years. We've just had a washing machine and tumble drier from Electrolux fail after six years and they tried every trick in the book to avoid fixing it (out of warranty, you'll need to pay for it and we might reimburse you some of the cost, even phoning me directly and hassling me) but I stuck to my guns and dealt with the vendor (you don't have to deal with the manufacturer, just the shop that sold you the device) and I waved the CGA under their nose (Harvey Norman aren't known for following the rules either so know your rights) and after much complaint from them, they complied with the law and fixed both free of charge.

Sure, the shops try everything to avoid following the law, but the law exists and you just have to keep reading the clause that says a device should last a reasonable amount of time. They have to fix it if it is a manufacturing or design fault regardless of the length of their warranty. In the case of my Samsung BD player, the CGA meant that after they tried and failed to fix the player I returned it with a letter stating that I rejected the player and my reasons (Samsung screwed the firmware and haven't fixed it) so the shop happily took the player back and swapped it for a Panasonic of equal value (Noel Leeming in this case, much better than Harvey Norman who I no longer shop from due to their repeated attempts to avoid their CGA duties)

Re:Already tarnished for me (1)

David_Hart (1184661) | about a year and a half ago | (#43239305)

"I agree that a TV should not fail after 2.5 years but Samsung's warranty on TVs is for 1 year, similar to all other manufacturers. Name me one TV manufacturer that would fix a 2.5 year old TV for free? You do realize that TVs are deliberately built to last 3 to 5 years? and that it has cost more to repair a TV than buying a new one for the last 10 years or more? and you blame Samsung because you gambled on the manufacturers warranty and lost?"

In New Zealand, we have a little law called "The Consumer Guarantees Act" which means that even if a manufacturer only puts a 1 year guarantee on a TV, it is expected to last a fair and reasonable time for a device costing upwards of $1000 and that means (in the eyes of the law) ten years.

After reading your post, I did some research and found this on ConsumerReports.org. They say that there is an implied warranty on most items of 4 years in the US. However, you may have to sue to assert your rights. Even so, it's obvious that some countries have much stronger consumer protection laws than the US.

- - -

Your refrigerator dies three months after the manufacturer's warranty expires. The store and manufacturer say you have to pay to get it fixed.

The law

The Uniform Commercial Code, fully adopted by most states, stipulates that most new consumer products come not only with an express warranty, but also with a so-called implied warranty of merchantability. That is an automatic, unwritten promise that your purchase will perform as commonly expected, including that it will last a reasonable amount of time given the nature of the item. In most states, implied warranties are in effect for four years, although that doesn't necessarily mean a product must last that long. Implied warranties apply to retailers and manufacturers and may be broader than an express warranty.

If you have a problem with a product that you think is the result of an inherent defect, let the manufacturer or retailer (preferably a supervisor) know that you'll take its failure to resolve your complaint as a breach of the implied warranty. If you don't get satisfaction, you may be able to assert your rights through a credit-card chargeback (see box on facing page). If that doesn't work, send a letter threatening legal action. You might need to file a small-claims-court action or consult a lawyer.

You should know

The fine print in most manufacturer warranties and online retailers' terms and conditions disclaim implied warranties. Although walk-in retailers rarely disclaim them directly, they sometimes do so by marking sales "as is," "with all faults," or similar language. A handful of states prohibit such disclaimers, even for as-is sales. And the federal Magnuson-Moss Warranty Act prohibits companies from disclaiming implied warranties during the period in which any express warranty or service contract is in effect.

- - -

Re:Samsung image tarnished with Android (0)

Anonymous Coward | about a year and a half ago | (#43233903)

I don't like Touchwiz either, but you can install a replacement launcher from the market. Apex Launcher is based on the stock android launcher. Works fine for me.

Re:Samsung image tarnished with Android (2)

Silentknyght (1042778) | about a year and a half ago | (#43234325)

I don't like Touchwiz either, but you can install a replacement launcher from the market. Apex Launcher is based on the stock android launcher. Works fine for me.

Touchwiz is not solely the launcher; it's the ROM. It's the Samsung experience.

Look for Nexus (4, Insightful)

tepples (727027) | about a year and a half ago | (#43233941)

When finally rolled out, it wasn't the true android experience, but some half-baked Samsung-proprietary interface aka "Touchwiz."

Lesson learned: If you want a full-baked true Android experience, always look for the word "Nexus".

Re:Look for Nexus (3, Insightful)

Silentknyght (1042778) | about a year and a half ago | (#43234349)

Lesson learned: If you want a full-baked true Android experience, always look for the word "Nexus".

Agreed, that is the lesson I've learned.

Re:Look for Nexus (1)

Threni (635302) | about a year and a half ago | (#43235409)

And who makes the best Nexus devices...

Re:Look for Nexus (1)

Andy Dodd (701) | about a year and a half ago | (#43236431)

Currently - LG and Asus.

Re:Look for Nexus (2)

Threni (635302) | about a year and a half ago | (#43240347)

Took me 3 attempts to get a working nexus 7. I know several other people who had identical problems. Shit build quality and testing. Google's customer support in the UK is shit too, as is the courier company they use. I understand you can actually buy nexus 4s here now though. Let's hope the battery, NFC and touch screens work on them.

Re:Samsung image tarnished with Android (1)

Anonymous Coward | about a year and a half ago | (#43234111)

I got a Samsung UE40ES6710 Smart TV and once again the problem is the software. It's ridiculously buggy. It's not uncommon having to reboot it... Reboot a fucking TV!!!

Re:Samsung image tarnished with Android (0)

Anonymous Coward | about a year and a half ago | (#43234287)

Mine does this too. Vizio smart tv (can't remember the model) but it will shut itself off to update, with no warning whatsoever. It responds about 2 minutes later, and once all the apps I had installed were missing.

Re:Samsung image tarnished with Android (0)

Anonymous Coward | about a year and a half ago | (#43237447)

I got a Samsung UE40ES6710 Smart TV and once again the problem is the software. It's ridiculously buggy. It's not uncommon having to reboot it... Reboot a fucking TV!!!

You could always replace the firmware [samygo.tv] with a custom ROM

Re:Samsung image tarnished with Android (1)

Ancil (622971) | about a year ago | (#43242787)

Never ever ever buy a smart TV.

TVs should be beautiful and dumb as dirt. They should be like a computer monitor: turn on when they sense a video signal. That's all the smarts they need.

Seriously, why would anyone ever want to build things like Netflix streaming and who-knows-what-else into a TV? What happens next year when you want to switch to Amazon's service, or Google's, or Apple's, or...? And your TV doesn't support it? What, buy a new TV??

You think a TV manufacturer is going to be Johnny On The Spot updating and patching last year's $3,000 "smart" TV which they don't even sell anymore? What's in it for them, exactly?

What if their search UI is worthless or they decide half of the guide screen should be targeted ads? What will you do about it? Buy a whole new TV?

Listen, friend. Buy a $99 blu-ray that streams from your provider of choice. Or better yet, a used Xbox 360. Buy a 3rd gen Roku box. Here's the good part: in 2014, if it doesn't meet your needs anymore, you're out a hundred bucks. No need to buy a new TV.

Re:Samsung image tarnished with Android (1)

Krojack (575051) | about a year and a half ago | (#43234371)

When finally rolled out, it wasn't the true android experience, but some half-baked Samsung-proprietary interface aka "Touchwiz."

Welcome to EVERY non Nexus phone buddy. If you don't like it then root it and put CM10.x on the device.

I will admit, Touchwiz is better than HTC Sense.

Re:Samsung image tarnished with Android (1)

yosifkit (2488062) | about a year and a half ago | (#43235209)

I own and use a (Sprint) Samsung Galaxy S2 Epic 4G Touch, and it was a series of broken promises on ever getting ICS.

Ever tried another Android device like Motorola, HTC, Sony, Acer, Asus, Amazon, Barnes & Noble, Toshiba, or ViewSonic? All of them add their own crap to Android to differentiate themselves instead of focusing on the hardware and updates. They all promise to do updates and then never deliver. It would be much easier if they did not spend all their time developing things to replace core features of Android (Samsung and their crappy SMS replacement with custom Applesque "notifications"). The fact that you can root it and "do what you want" is the best part of an Android device.

Before this, their name wasn't an issue. Now, maybe I consider some other brand.

There was an option to choose Samsung before this "incident"?

You're an idiot. (0)

Anonymous Coward | about a year and a half ago | (#43236397)

Every Samsung Phone has had Touchwiz. Just like HTC uses Sense, and Motorola uses Motoblur.

Re:Samsung image tarnished with Android (1)

GreatDrok (684119) | about a year and a half ago | (#43237719)

Having bought a few pieces of Samsung gear myself, I'm not in the least surprised. It was a blu ray player that did it for me - they pushed out a firmware update that knocked the sound out of sync and then didn't release a fixed one. Ever as far as I know because I got sick of waiting months and not being able to watch a film so I returned the player, it was replaced with another of the same model which didn't have the audio sync problem until I tried to play a new BD and then it insisted I had to update the firmware and bang, sound was out of sync. I returned the player as unfixable and switched to a Panasonic which has been flawless and continues to get updates despite being four years old now. Samsung doesn't seem to care about their older gear, just the new shiny.

Re:Samsung image tarnished with Android (1)

thegarbz (1787294) | about a year and a half ago | (#43241725)

When finally rolled out, it wasn't the true android experience, but some half-baked Samsung-proprietary interface aka "Touchwiz." Great, that wasn't what I was sold when I purchased the device. I want android, not Samsung's half-baked, bug-filled, garbage-software-filled version of it.

Erm nice try, but let me educate you a bit. Touchwiz is the home launcher and app drawer interface. It has nothing to do with the underlying Android system and is simply the app that shows you the home screen. EVERY Samsung phone uses Touchwiz including the ones running Bada instead of Android. This is what you're paying for when you buy a Samsung phone.

This is what you pay for when you buy a Samsung phone, value added features. Samsung had face detect before it was rolled into Android 4. Samsung had voice recognition before Google Now. Samsung offered a non-Android keyboard with Swype functionality before Android included that functionality in 4.2 (incidentally I've had that functionality for the last 3 years in Android 2.1).

When you upgraded your underlying system got upgraded to ICS. All APIs are ICS. All the features of ICS were included. To say you didn't get the upgrade you were promised is completely and utterly disingenuous.

The same applies to current builds on the SGS3 and the upcoming SGS4. Both phones have the latest Android system including features like Google Now, butter interface acceleration etc etc etc, and both phones run newer versions of Touchwiz on their home screens.

Don't like it? Buy a Nexus with its arguably worse feature set.
Or shoot yourself in a foot buying a cheap Chinese no-name phone with crap hardware and a vendor who did the bare minimum to get Android to boot on it. It'll be the true Android software but don't come back complaining when you miss the experience of your Samsung Galaxy phone.

Disclosure: I am a happy Samsung customer who can't wait for the SGS4 as my SGS2 contract is about to expire.

Moral of the story (2)

synapse7 (1075571) | about a year and a half ago | (#43233815)

the network carriers approve a security patch seems to be a very, VERY, long time!

Do not use ROMs dependent on the carriers.

Re:Moral of the story (0)

Anonymous Coward | about a year and a half ago | (#43233849)

My phone should work out of the box. I don't have the inclination, nor the time, to fiddle with it.

Re:Moral of the story (0)

Anonymous Coward | about a year and a half ago | (#43234023)

The phone company lent you over half of the smartphone's value. You paid upfront some $200 for a $500 phone; you will pay the rest over the course of your contract. Since the phone company gave you this credit, it's within their right to put any restriction over their phone that you will pay over the next years.

Want full freedom? Get a Nexus. Want something closer to freedom? Buy unlocked phones. Simple.

Prepaid carriers lock too (1)

tepples (727027) | about a year and a half ago | (#43234117)

you will pay the rest over the course of your contract

What contract? I'm on Virgin Mobile, and despite having paid for a phone up front, I still can't take it to another carrier.

Re:Moral of the story (2)

Andy Dodd (701) | about a year and a half ago | (#43234213)

The problem is, even Samsung's unlocked devices purchased at direct retail without subsidy take forever to see security/bug fixes.

Re:Moral of the story (0)

Anonymous Coward | about a year and a half ago | (#43234429)

Yes, that is the flaw with my argument. However, I still believe that the carriers delay those updates even further. For example, the Brazilian GT-i9100 is still on ICS, with "updates" released this month, while JB has been launched almost everywhere else. The only logical reason for that is that the carriers (or ANATEL, our FCC equivalent) still haven't approved the update.

If you want to stay on official Samsung ROMs without messing with the firmware, your best bet is to get an unlocked phone. If you want to stay on official Samsung ROMs but you agree to change the firmware, flash the newest you can find from whatever region has it. If you don't care for the official Samsung ROM, flash CM10.1 (you guys made a HUGE accomplishment to get it running on Exynos4 devices. Sad to see the support go, but I understand the reasons). If you don't care for Samsung ROM or hardware (or, you prefer stock Android), just get a Nexus.

Re:Moral of the story (2)

RMingin (985478) | about a year and a half ago | (#43234551)

Want a fine approximation of freedom? Buy T-Mo's Galaxy S2 off contract and get a pay as you go service from them. I've had a custom ROM since day 2, they unlocked my phone's carrier lock on day 60, by request, and have generally been extremely helpful. Also, since I did some research and got a model with documentation, I've had 4.2.2 for weeks now. Using the stock ROMs, with carrier modifications, is the problem.

Re:Moral of the story (1)

Elbart (1233584) | about a year ago | (#43244177)

Factory-unlocked don't get updates before the local carriers got theirs for the locked handsets.

Re:Moral of the story (1)

synapse7 (1075571) | about a year ago | (#43245023)

I've been running 4.2.2 on an s3 since the 1st of March.

Flaws in the system (4, Insightful)

SpinningCone (1278698) | about a year and a half ago | (#43233913)

"any patches [Samsung] develops must first be approved by the network carriers."

Well there's your problem. if I had to call up my ISP every time I wanted to patch windows I'd be screwed.

CDMA2000 is the problem (4, Informative)

tepples (727027) | about a year and a half ago | (#43233973)

PCs don't require the user to bring in the computer to have it reprogrammed to use a different ISP. CDMA2000 without CSIM, the typical setup on U.S. prepaid carriers such as Ting and Page Plus, does.

Re:CDMA2000 is the problem (1)

Anonymous Coward | about a year and a half ago | (#43234509)

PCs don't require, yet, the user to bring in the computer to have it reprogrammed to use a different ISP. CDMA2000 without CSIM, the typical setup on U.S. prepaid carriers such as Ting and Page Plus, does.

FTFY. Give them enough time and the trend will eventually spread to tablets, netbooks, laptops and (why not?) even desktops.

Re:CDMA2000 is the problem (4, Insightful)

wbr1 (2538558) | about a year and a half ago | (#43234743)

Forgive typos, I'm on a touch screen.
All of these issues, carrier lock, CDMA reprogramming and carrier approval of ROMs, and unpatched bugs have one root. The fact that most people do not care as long as they can make phone calls, email, and whatever their app du jour is. We that care about security, openness and GPL, getting software updates in a timely fashion, we are a small fraction of the market and no matter how vocal we are here, we are no threat to profit. You, the early adopter, the bleeding edge techie, you have been marginalized by greed. Welcome to now.

Re:Flaws in the system (2)

gstoddart (321705) | about a year and a half ago | (#43234413)

Well there's your problem. if I had to call up my ISP every time I wanted to patch windows I'd be screwed.

Well, this is because the carriers all want to make sure to inject their own shit to monetize everything.

The carriers want to put on their stuff to sell you ring tones, apps, and generally make sure your bill is as high as they can manage.

They don't care about your security. On my HTC Android phone, I had to go through and disable a lot of the crap my carrier put in because I was never going to use it and it was just junk.

When I was looking at my last phone, I had a choice of HTC with Android 4+, or Samsung with Android 2+. I opted for a newer OS and lower phone specs, and because I don't hold Samsung in high regard.

Re:Flaws in the system (0)

interkin3tic (1469267) | about a year and a half ago | (#43234415)

And why does it take so long for the carriers to sign off on them anyway? How long does it take to make sure people on stock roms won't be able to tether for free?

Re:Flaws in the system (0)

Anonymous Coward | about a year and a half ago | (#43235125)

So glad I live in the EU, continent of sane internet and mobile connections.

Re:Flaws in the system (1)

Mr_Silver (213637) | about a year and a half ago | (#43236509)

Well there's your problem. if I had to call up my ISP every time I wanted to patch windows I'd be screwed.

Part of the problem also comes from the support model. If you have a problem with Windows or your Dell PC, you don't call your ISP and expect them to resolve it.

Yet in the phone world, if you have a problem with Android or your Samsung hardware you call Verizon/Sprint/etc.

The last two (European) carriers I worked for would have more than happily passed handset customer support to the OEMs but, unsurprisingly, they didn't want to take on the massive expense to do it.

Someone famous without info? (0)

Anonymous Coward | about a year and a half ago | (#43234239)

Did someone try and gain attention and publication without providing any actual information? Aww, that's so cute and typical.

Good thing Samsung is based in South Korea... (1)

gubon13 (2695335) | about a year and a half ago | (#43234609)

Revealing security flaws in Western businesses is automatic jail time lately...

Re:Good thing Samsung is based in South Korea... (1)

93 Escort Wagon (326346) | about a year and a half ago | (#43235073)

Revealing security flaws in Western businesses is automatic jail time lately...

Yeah, they've really worked hard to round up the evasi0n team...

That's funny (0, Troll)

ArcadeMan (2766669) | about a year and a half ago | (#43235479)

For all the hostility towards Apple, you have to admit that Android isn't really up to the task of just fucking working.

I have things to do and these things do not involve messing around with making my hardware and software work properly.

Enjoy your "freedom of choice", Android fanboys.

Re:That's funny (0)

ArcadeMan (2766669) | about a year and a half ago | (#43237895)

Oh yeah, Android users are the ones installing custom ROMs to make their cellphones work but I'm the troll. Fuck you, shithead moderator.

Re:That's funny (0)

Anonymous Coward | about a year and a half ago | (#43239423)

I wonder why there are so many patches to every single computing device out there (tablet, phone, desktop, laptop).

OH YEAH, because they don't work properly!

But only your precious company can do it right, even though they have patches too..?

Why can't they make Android as secure as linux (0)

Anonymous Coward | about a year and a half ago | (#43235881)

Let the phone carriers have control over their sandbox, but let me control the rest, like my linux computer. I don't want a flash light application to be able to have access to internet, my phone book, or check book app.

Re:Why can't they make Android as secure as linux (1)

GuB-42 (2483988) | about a year and a half ago | (#43241655)

1- Android is linux
2- You have to review the permission before installing the app, don't want a flash light to access the internet, get one that doesn't request it. In some custom ROMs you can even revoke permissions (it is totally unsupported and makes a lot of apps crash but it is possible).
3- In most linux distributions, apps are usually installed with full root access and run with all user privileges. Much worse than Android.
4- On Samsung (and many others) android phones, you can run custom ROMs, which means as much control as on most linux PCs. And while it is not supported, it is tolerated.

Android Security? (1)

used2win32 (531824) | about a year and a half ago | (#43235911)

F-Secure reports that in the fourth quarter of last year, 96% of all mobile malware was directed to Android. They also report that 0.7% targeted iOS.

Most users do not have an updated version of Android to update to that is made available from their carriers.

Trend Micro’s mobile app reputation service has analyzed over 2 million mobile app samples collected from around the world and 293,091 of them have been classified as outright malicious. Almost 69,000 of those were sourced directly from Google Play, which offers around 700,000 apps in total. “It’s not just Chinese and Russian app stores.”

Disclaimer: I do not own an iPhone, Android, Blackberry, Windows Phone or any smartphone. I have a "feature phone" with a cheap phone plan.

Re:Android Security? (1)

Pubstar (2525396) | about a year and a half ago | (#43236865)

And most of those apps are from unsigned app stores or are sideloaded. Sure, there are some in the main app store, but the problem isn't as big as you're making it out to be.

Re:Android Security? (1)

used2win32 (531824) | about a year and a half ago | (#43237241)

If almost 69,000 were from Google Play, and they have around 700,000 apps total, that would mean that approx 9.8% of the apps in the Google store are infected.

Re:Android Security? (0)

Anonymous Coward | about a year and a half ago | (#43239461)

That's probably 69,000 "infections" (hard to say what they define as an infection), not 69,000 apps.

That would make it like 0.01% of the number of users affected.

More importantly, none of those applications responsible for an infection are still on the Play store and none are on devices.

Re:Android Security? (1)

SirJorgelOfBorgel (897488) | about a year and a half ago | (#43237599)

I dabble in Android security myself, I just want to point out that every single app I have encountered that Trend Micro flagged has been a false positive warning about an exploit that isn't actually present. The cause of this appears to be that those apps include files or snippets of code also used by some well known exploits, but by themselves are not harmful. Rookie mistake.

Note that if you search well, you will find various security folk slamming Trend Micro all over the place. As such, I wouldn't put too much faith in whatever Trend Micro has published, they don't exactly appear up to speed on matters.

Tinfoil Hat time (1)

ThatsNotPudding (1045640) | about a year and a half ago | (#43236837)

Not fixing their execution of Android gives them an excuse to replace it with their own proprietary OS (including a locked down boot loader). At the very least, the anti-freedom US carriers would cheer such a move.

And yet (1)

ggpauly (263626) | about a year and a half ago | (#43239465)

it's necessary to root your phone in order to change the hosts file.
