Published in News

Samsung appears to copy Apple's security ability

by on18 June 2015


Has a scary bug

More than 600 million Samsung phones may be vulnerable to attacks that allow hackers to surreptitiously monitor the camera and microphone, read incoming and outgoing text messages, and install malicious apps.

Security researcher Ryan Welton said that the vulnerability is in the update mechanism for a Samsung-customised version of SwiftKey.

This baby is available on the Samsung Galaxy S6, S5, and several other Galaxy models.

The problem was that when downloading updates, the Samsung devices don't encrypt the executable file, making it possible for attackers in a position to modify upstream traffic—such as those on the same Wi-Fi network—to replace the legitimate file with a malicious payload.

Welton showed everyone how at the Blackhat security conference in London.

Phones that come pre-installed with the Samsung IME keyboard, as the Samsung markets its customized version of SwiftKey, periodically query an authorized server to see if updates are available for the keyboard app or any language packs that accompany it.

All that the attacker has to do is set up a man-in-the-middle position can impersonate the server and send a response that includes a malicious payload that's injected into a language pack update.

Samsung gives elevated privileges to the updates so the malicious payload is able to bypass protections built into Google's Android operating system that normally limit the access third-party apps have over the device.

Welton said the exploit is still possible even when the Samsung IME keyboard is not used.

The researcher said Samsung has provided a patch to mobile network operators, but he has been unable to learn if any of the major carriers have applied them. Carriers are usually pretty slack about this.

Last modified on 18 June 2015
Rate this item
(6 votes)

Read more about: