Massive Security Flaw Puts 600 Million Samsung Smartphones at Risk
By Jennifer LeClaire / CRM Daily
A huge vulnerability in software that comes pre-installed on Samsung phones is reportedly putting as many as 600 million mobile device users at risk of being hacked. Mobile security firm NowSecure’s Ryan Welton uncovered an issue in the SwiftKey keyboard that comes bundled with Samsung phones, including the Galaxy S3, S4, S5, S6, and Galaxy Note 3 and 4.

SwiftKey bills itself as having an “autocorrect that actually works.” The software lets you slide from letter to letter rather than tap the keys. But there may be a price to pay for Samsung users looking for a more productive way to type out messages because the keyboard allows an attacker to remotely execute code as a privileged system user, according to Welton.

“It’s unfortunate but typical for OEMs and carriers to pre-install third-party applications to a device. In some cases these applications are run from a privileged context,” Welton said. “The Swift keyboard comes pre-installed on Samsung devices and cannot be disabled or uninstalled. Even when it is not used as the default keyboard, it can still be exploited.”

A Notch Short of Root Access

Essentially, the code reveals that the keyboard was signed with Samsung’s private signing key and runs in one of the most privileged contexts on the device -- system user. That’s just a notch short of being root. The good news is not just any novice attacker can tap the vulnerability.

“The attack vector for this vulnerability requires an attacker capable of modifying upstream traffic,” Welton said. “The vulnerability is triggered automatically -- no human interaction -- on reboot as well as randomly when the application decides to update.”

The vulnerability opens the door to geographically proximate attacks -- such as rogue Wi-Fi access points or cellular base stations -- or attacks from local users on a network, including ARP poisoning. Welton said fully remote attacks are also feasible via DNS Hijacking, packet injection, a rogue router or ISP.

“Unfortunately, the flawed keyboard app can’t be uninstalled or disabled. Also, it isn’t easy for the Samsung mobile device user to tell if the carrier has patched the problem with a software update,” Welton said. “To reduce your risk, avoid insecure Wi-Fi networks, use a different mobile device and contact your carrier for patch information and timing.”

Making Matters Worse

We asked Lane Thames, security researcher at advanced persistent threat protection firm Tripwire, for his reaction to the vulnerability. He told us it's irritating because most users will not be able to uninstall the vulnerable software and, to make matters worse, most carriers are not yet shipping patches.

“There are many good keyboards available for the Samsung device so a simple solution is to just remove the vulnerable keyboard,” Thames said. “Unfortunately, neither Samsung nor most wireless carriers want you to do that, usually for the same reasons they sell locked phones.”

On the plus side for the end user, this vulnerability requires a bit of effort to successfully exploit, according to the technical details that have been released, Thames said. Specifically, it requires a man-in-the-middle attack infrastructure where a vulnerable keyboard application initiates a language pack download or update.

“From the details, this update-download initiation occurs after boot and periodically during normal use,” Thames said. “To minimize risk until a patch is available, users should refrain from rebooting their device if connected to a Wi-Fi network and should refrain from connecting to unknown or insecure Wi-Fi networks.”

Thames noted that this includes all public Wi-Fi networks at coffee shops and hotels. SwiftKey could be exploited over the cellular network, but that's harder technically -- only the most experienced attackers would have the skills to exploit it there, he said.
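The precondition Thames describes is an update fetched over a channel the attacker can modify and then applied by an app running in a privileged context. The Go program below is an added illustration, not code from Samsung, SwiftKey or NowSecure, and it assumes (the article does not say this) that the vulnerable path applied the downloaded pack without authenticating it; it contrasts that pattern with a client that accepts a language pack only after verifying a vendor signature under a key pinned in the app, so a body altered in transit is rejected regardless of which network delivered it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// LanguagePack is an update payload plus the vendor's detached signature.
type LanguagePack struct {
	Name      string
	Data      []byte
	Signature []byte
}

var ErrBadSignature = errors.New("language pack rejected: signature does not verify")
// packMessage binds name to body so a signed pack cannot be replayed under another name.
func packMessage(name string, data []byte) []byte {
	return append([]byte(name+"\x00"), data...)
}

// installUnverified is the risky pattern: whatever arrived is applied, so a
// party able to modify upstream traffic decides what the privileged app installs.
func installUnverified(p LanguagePack) []byte {
	return p.Data
}

// installVerified applies a pack only if its Ed25519 signature verifies under
// the public key pinned in the app; bytes altered in transit fail here.
func installVerified(pub ed25519.PublicKey, p LanguagePack) ([]byte, error) {
	if !ed25519.Verify(pub, packMessage(p.Name, p.Data), p.Signature) {
		return nil, ErrBadSignature
	}
	return p.Data, nil
}

// signPack is the vendor-side step; the private key never ships on the device.
func signPack(priv ed25519.PrivateKey, name string, data []byte) LanguagePack {
	return LanguagePack{Name: name, Data: data, Signature: ed25519.Sign(priv, packMessage(name, data))}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	good := signPack(priv, "en_US", []byte("constructed dictionary payload"))
	tampered := good // constructed: the same pack with its first byte altered in transit
	tampered.Data = append([]byte{'X'}, good.Data[1:]...)
	_, err := installVerified(pub, tampered)
	fmt.Printf("unverified: %d bytes applied; verified: %v\n", len(installUnverified(tampered)), err)
}
```

Pinning the verification key in the app means the check does not depend on the transport: a rogue access point, DNS hijack or on-path router can still swap the bytes, but the swapped pack is never installed.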

Tell Us What You Think

Posted: 2015-06-27 @ 8:33pm PT
Very disturbing. Second recent article of this type. First on their preloaded Internet browser, which can't be deleted either, but forcibly disabled. Forwarded article to T Mobile & Lookout. Thank you.

Benjamin Rhoads:
Posted: 2015-06-25 @ 8:06pm PT
When will Samsung post an OS update for S3 users regarding the Swiftkey language update security flaw?

Karen Bannan:
Posted: 2015-06-25 @ 7:06am PT
Not surprising but scary for the enterprise since -- in most organizations -- mobile security and IT security are handled by different departments.

--Karen J. Bannan, commenting on behalf of IDG and FireEye.

Posted: 2015-06-25 @ 3:04am PT
This was a vulnerability caused by the Samsung original implementation rather than the Swiftkey software.

C. Lloyd:
Posted: 2015-06-18 @ 2:20am PT

© Copyright 2018 NewsFactor Network. All rights reserved.