heads up for samsung users
Hundreds of millions of users of Samsung Galaxy smartphone models S4 through S6 are potentially vulnerable to a computer bug that researchers disclosed at the Black Hat Conference in London on Tuesday.
The flaw, discovered by a Ryan Welton, a researcher at the cybersecurity firm NowSecure, lets attackers wreak havoc on Samsung mobile device models. It can give a hacker covert control over a phone’s microphone and camera, access to text messages, and the ability to download malicious apps, among other things.
The issue arises from a defect in the software updater for Samsung’s default virtual keyboard, a customized version of the word-prediction technology developed by SwiftKey. When a device downloads a language pack update, any man-in-the-middle attacker—a bad actor positioned on the same network as the user—can swap out the real file with malware, thus compromising the device.
The default keyboard program checks for updates automatically, so even people who use other keyboard apps are vulnerable.
Two problems with the phones’ updater process contribute to the severity of the vulnerability. On the one hand, SwiftKey does not encrypt those keyboard update files, a weakness that hackers can exploit to install malicious files on a person’s device (as described above). On the other, Samsung grants those updates elevated permissions, allowing attackers to circumvent the phone’s security controls and meddle with all sorts of data and code running on a device.
“Because Samsung phones grant extraordinarily elevated privileges to the updates,” writes Ars Technica security editor Dan Goodin, “the malicious payload is able to bypass protections built into Google’s Android operating system that normally limit the access third-party apps have over the device.”
6 Feb ’14
For now, NowSecure recommends that users of Samsung Galaxy smartphones affected by the bug (a list of the vulnerable models can be found here) should:
- Avoid insecure Wi-Fi networks
- Use a different mobile device
- Contact carriers for patch information and timing
Most Users Ever Online: 698
Currently Online:
82 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
easytapper: 2149
DangerDuke: 2030
groinkick: 1667
PorkChopsMmm: 1515
Gravel Road: 1455
Newest Members:
Forum Stats:
Groups: 1
Forums: 12
Topics: 11482
Posts: 58640
Member Stats:
Guest Posters: 2
Members: 19842
Moderators: 0
Admins: 1
Administrators: K