The backdoor works on several Samsung Galaxy mobile devices using the stock Android image, but it was present in “most proprietary Android systems running on the affected Samsung Galaxy devices, including the ones that are shipped with the devices”.
This means that Samsung Galaxy devices running proprietary Android versions come with a back-door that provides remote access to the data stored on the device.
It can be found in the proprietary software that is in charge of handling the communications with the modem.
Using the Samsung IPC protocol, it implements a class of requests known as RFS commands that allows the modem to perform remote I/O operations on the phone’s storage.
When the modem is running proprietary software, it offers over-the-air remote control, that could then be used to issue the incriminated RFS messages and access the phone’s file system.
This means that anyone who knows about the backdoor can walk directly into the Nexus S, Galaxy S, Galaxy S2, Galaxy Note, Galaxy Tab 2, Galaxy S 3, and Galaxy Note 2. In fact the Galaxy S seems to be the least secure with the back-door program running as root.
Replicant thinks it is possible that these were added for legitimate purposes, without the intent of doing harm by providing a back door.
What is a little strange is that the problem was reported on this Replicant Wiki page a few weeks ago but none appears to have noticed.