Samsung Galaxy Keyboard Bug Exposes Users to Hackers | Homestead Security | Forums

Samsung Galaxy Keyboard Bug Exposes Users to Hackers
K (Admin), post 1, 18 Jun ’15 - 8:29 am

Heads up for Samsung users

Hundreds of millions of users of Samsung Galaxy smartphone models S4 through S6 are potentially vulnerable to a computer bug that researchers disclosed at the Black Hat Conference in London on Tuesday.

The flaw, discovered by Ryan Welton, a researcher at the cybersecurity firm NowSecure, lets attackers wreak havoc on Samsung mobile device models. It can give a hacker covert control over a phone’s microphone and camera, access to text messages, and the ability to download malicious apps, among other things.

The issue arises from a defect in the software updater for Samsung’s default virtual keyboard, a customized version of the word-prediction technology developed by SwiftKey. When a device downloads a language pack update, any man-in-the-middle attacker—a bad actor positioned on the same network as the user—can swap out the real file with malware, thus compromising the device.

The default keyboard program checks for updates automatically, so even people who use other keyboard apps are vulnerable.

Two problems with the phones’ updater process contribute to the severity of the vulnerability. On the one hand, SwiftKey does not encrypt those keyboard update files, a weakness that hackers can exploit to install malicious files on a person’s device (as described above). On the other, Samsung grants those updates elevated permissions, allowing attackers to circumvent the phone’s security controls and meddle with all sorts of data and code running on a device.

“Because Samsung phones grant extraordinarily elevated privileges to the updates,” writes Ars Technica security editor Dan Goodin, “the malicious payload is able to bypass protections built into Google’s Android operating system that normally limit the access third-party apps have over the device.”

http://time.com/3925.....-keyboard/
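
The updater weakness described in the post above, as an added example that is not part of the original thread and is not Samsung's or SwiftKey's code: an updater that installs whatever file the network returns, next to one that only accepts bytes matching a digest obtained out of band. All function names and the sample packs are hypothetical and constructed; the example also goes one step beyond the post by confining archive entry names, since the post notes the updater runs with elevated permissions.

```python
import hashlib
import hmac
import io
import zipfile
from pathlib import PurePosixPath


def build_pack(files: dict) -> bytes:
    """Build a constructed sample language pack (zip) in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def naive_accept(blob: bytes) -> bool:
    """Updater that trusts the network: any well-formed zip is installed."""
    return zipfile.is_zipfile(io.BytesIO(blob))


def entry_is_confined(name: str) -> bool:
    """True if an archive entry name stays inside the install directory."""
    path = PurePosixPath(name.replace("\\", "/"))
    return not path.is_absolute() and ".." not in path.parts


def verified_accept(blob: bytes, trusted_sha256: str) -> tuple:
    """Return (ok, reason). trusted_sha256 must come from a channel the
    network attacker cannot alter (assumption: shipped inside the signed app)."""
    digest = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(digest, trusted_sha256):
        return (False, "digest mismatch")
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for name in zf.namelist():
            if not entry_is_confined(name):
                return (False, "entry escapes install dir: " + name)
    return (True, "ok")


# Constructed sample data: the vendor's pack and a file swapped in transit.
GENUINE = build_pack({"en_US/lm.bin": b"genuine language model"})
SWAPPED = build_pack({"en_US/lm.bin": b"replaced in transit"})
TRUSTED_DIGEST = hashlib.sha256(GENUINE).hexdigest()

if __name__ == "__main__":
    for label, blob in (("genuine", GENUINE), ("swapped", SWAPPED)):
        print(label, naive_accept(blob), verified_accept(blob, TRUSTED_DIGEST))
```

The check only helps if the trusted digest (or a signature over it) does not travel over the same unauthenticated connection as the update file.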

earthenstead (Members, Central Arkansas), post 2, 19 Jun ’15 - 4:33 pm

For now, NowSecure recommends that users of Samsung Galaxy smartphones affected by the bug (a list of the vulnerable models can be found here) should:

  • Avoid insecure Wi-Fi networks
  • Use a different mobile device
  • Contact carriers for patch information and timing

K (Admin), post 3, 20 Jun ’15 - 8:16 am

looks like I'm on another list 🙁
