In other words, Samsung Galaxy devices which run proprietary Android versions have a backdoor allowing for remote access to the information stored on the mobile device.It was found in the proprietary software responsible for handling the communications with the modem. The security experts confirmed that via the Samsung IPC protocol, it implemented a class of requests called RFS commands. They allow the modem to perform remote I/O operations on the device’s storage.
Apparently, when the modem is running proprietary software, it offers over-the-air remote control, which could later be used to issue the incriminated RFS messages and obtain access to the file system of the affected device. In other words, anyone aware of the backdoor is able to walk directly into the Nexus S, Galaxy S, Galaxy S2, Galaxy S3, Galaxy Note,Galaxy Note 2, and Galaxy Tab 2. Actually, the Galaxy S appeared to be the most insecure, because the backdoor software is running there as root.
Replicant developers believe that the vulnerable software could possibly be added for legitimate purposes, without the intent of doing harm by providing a backdoor. The most interesting fact is that the problem in security was reported on the Replicant Wiki page weeks ago, but none of the software developers appear to have noticed it.