Who said anything about rushing ? That specific problem has been known for a long time, and most affected devices have received several updates since then. The fix is literally a one-liner in the kernel source, disabling "secure erase". When a user "resets to factory settings" (e.g. wipe all user data) the device performs an erase command. Somewhere in Android 3.x or 4.0 Google changed the default behavior from normal erase to a secure erase. The eMMC chips Samsung used were never properly tested for this, and due to a bug in the firmware of said eMMC chips, the flash memory would be corrupted during a secure erase, rendering the device completely unusable.

It's pretty much a jackpot affair, you hit the factory reset button, x% chance you end up with a full brick. Custom firmware users were much more likely to run into this because often a custom firmware would perform a factory reset upon installation - and a normal user would rarely use this function. But you did not need to run any custom software for this - it can happen on a fully original device without any modifications or even apps installed.

A few months ago, Samsung finally issued a fix - but this fix disabled secure erase being triggered by the format command itself, instead of disabling secure erase in the actual kernel. As a result, custom firmware users would still brick left and right, due to using Google-private update binaries that did not have this call disabled. They put a band-aid on the issue instead of actually fixing it (a one-liner to disable "secure erase" at kernel level (because it never actually works correctly) and revert to "normal erase" always).

Now, I have discussed these issues in person with high-level Samsung engineers, and in their opinion, how they fixed it is correct - even though an exploit like the one presented in this article allows a malicious attacker to hard-brick your device at will, thanks to this eMMC bug. Incidentally, that is exactly what I myself, as well as a number of other developers from the enthusiast community, have kept telling Samsung: with the current solution, all you need is an exploit and a viral app, and you could well end up with millions of hard-bricks.

Note that Samsung does usually warranty on a full hard-brick, so it doesn't have to be a real problem for the end-user, but if this got out of hand, it could easily cost Samsung millions and millions of dollars in repair costs. Just because it hasn't happened yet and it really is not that likely it will occur, it is certainly possible.

This is not a hardware design flaw. Whatever makes you think that ? The reason it affects so many Exynos4 devices is because the exploitable code is present in the main code they base most Exynos4 Android firmwares on. It's certainly fixable by Samsung.

"although it would have been nice if he reported it to Samsung a little in advance of the release of the problem"

While that would have been nice, it is very debatable if it is wise. With Samsung, you just don't know. Security holes have been reported to Samsung that have been fixed nigh instantly, while other well known problems that can cause hard-bricks (device becomes a non-recoverable paperweight) on various devices have been known for almost a year - including the fixes - and the issue is still present in the latest firmwares.

And in the exploit author's defense (as if needed), he actually says somewhere he didn't know whom to contact so he just put it on XDA, assuming it would somehow get to the right people. And even though it is weekend, I'm sure various Samsung engineers on the right levels are aware of the problem :) The not knowing who to contact thing is a valid issue - if you don't have any "ins" at Samsung, it's actually pretty hard getting this kind of information to the right people.

Strangely, TFA makes no mention of an app built to actually use this exploit to install SuperSU (root access management app): http://forum.xda-developers.com/showthread.php?t=2050297 - i.e. what most users consider getting rooted.

Of course, this exploit can be used by any app, and a user can use the core exploit manually to install SuperSU (or Superuser) to let Play apps that need root (but don't contain this exploit ;)), but the linked method does all the work for you already.

As is the rule with "Ask Slashdot", the answer to the question is "no".

I haven't had a dedicated desk phone in years. Lots of people don't even have their own desks anymore. Skype/IM or if really needed many companies (at least over here) will give you a smartphone just for work purposes.

All Nexus devices can be rooted in 30 seconds or less .... by design.

If you don't drink coffee, you feel the same in the morning as somebody who does drink coffee - after they've had their morning cup.

This ^^^^

It makes sense in a really awkward way. Go for it.

First thing I thought as well. We'll see how it goes - this one doesn't sound as stupid as the previous one, but anybody who knows Samsung knows that they are very weak in the software performance department ...

(I wrote some of those utilities, btw)

Thanks for that.

Seconded. I'm also well over $10k in Android hardware, and I'm not making a loss.... :)

Commendable as I find your attitude, I must warn you that you will not be happy with the 7" that was just announced if you were a fan of the iPad. The 7" that was announced today is budget model set to compete with Asus' 7" budget tablet coming out soon. It is pretty (damn) low on the specside of things.

The 7" form factor is however very awesome. Personally I prefer it over the 10" form factor. If you want smooth and fast, you should go for the 7.7" (P6800/P6810 model), which will be more expensive, but is also 2-3 times as fast and has a Super AMOLED Plus screen (once you have had one, you will never want a non-AMOLED screen, IPS be damned). It is currently being sold with Android 3.2 on it, but is said to receive the Android 4.0 update before April 1. It's definitely the best Android tablet I have ever used.

If you think you may reconsider and go for a 10", be sure to wait for the successor of the current Samsung 10", because that one is becoming signifcantly outdated. Said successor is expected to be announced shortly. Alternatively, get the Asus Transformer Prime, which is the fastest 10" Android tablet currently.

(I make Android software for a living, I have a lot of these things lying around - I'm not just making stuff up)

Well, that was a lot more than I wanted to say. It's just that I've seen a lot of comments today regarding people and their iPads (or other tablets) and replacing said tablet with the 7" Samsung announced today. For most people who already own a tablet, this will not be an upgrade. At the same time, it appears nobody knows about the spectacular 7.7" that is already in stores today and runs circles around the 7".

Yeah, I could go ahead and state I'm a fairly succesful app developer who'se apps have grossed into the millions, that I've had several run-ins with CK and that every time I do I think he's a complete retard, but you could just follow his twitter account yourself, and experience the sadness.

It's hard to believe this guy was ever a developer relations guru - because if there's one thing this guy does not understand, its developer relations. He has singlehandedly alienated more WM/WP developers than most (rightly titled) developer relations gurus would ever herd.

"Microsoft's traditional strategy of going over the heads of hardware vendors to meet the needs of consumers and application developers does not work in the phone market"

WTF ? With WP7, they have pretty much pissed off and/or drove out of business at least half of the succesful WM app vendors. How is that a strategy to meet the needs of application developers? WP7 was far more restrictive than needed, and all the really succesful WM apps were killed in WP. I can probably forward you over 100.000 email requests asking for specific apps to be ported from WM to WP7 but are impossible to port. How is that meeting either app devs or consumers?

The funny thing is, for version 8, they seem to be slowly undoing most of the damage they caused with WP7. Those same things everybody screamed about to not change in the first place. Typical.

This just in: Winner of contest actually a contestant - crowd riots ! News at 11 !