Skip to main content

Samsung Keyboard Bug

Samsung Keyboard Bug Leaves 600m Android Devices Exposed to Hackers










A vulnerability in Samsung's Android keyboard installed on over 600m devices worldwide could allow hackers to take full control of the smartphone or tablet.
 
The security bug revolves around the update mechanism of the built-in keyboard, which looks for language updates for trending phrases either daily or weekly.
 
"The keyboard was signed with Samsung's private signing key and runs in one of the most privileged contexts on the device, system user, which is a notch short of being root," said researcher Ryan Welton from security company NowSecure who discovered the hole.
 
The problem was discovered last year. NowSecure told Samsung about the bug in December. Samsung asked NowSecure to keep the discovery under wraps until it could patch the problem. Google's Android security team was also notified.
 
However, six months on it is unclear whether the patch is out. Samsung started that process in early 2015, but unlike Apple's direct model of software updates, is beholden to mobile phone providers to push out updates to their users.
It is unclear whether that has happened and on what scale users have updated their devices.

Users stuck even if they install another keyboard

"Unfortunately, the flawed keyboard app can't be uninstalled or disabled," said Welton. "It isn't easy for the Samsung mobile device user to tell if the carrier has patched the problem with a software update."
 
The problem surrounds Samsung's integration of Swiftkey's underlying keyboard engine into its own keyboard software. Swiftkey essentially provides the brains for detecting what a user is trying to type and Samsung does the rest producing the completed keyboard and pre-installing it on its devices.
 
The Guardian understands that the fault lies within Samsung's code. SwiftKey-based keyboards on other Android devices from other manufacturers, and SwiftKey's apps from the Google Play Store or for the iPhone are unaffected .
 
If the Samsung Android device is connected to a malicious Wi-Fi network when the keyboard attempts to update its trending phrases and language pack, a hacker could substitute the update for a backdoor into the phone giving a hacker almost complete access to the phone.
 
According to NowSecure a hacker could remotely access a smartphone's sensors, such as GPS, the camera or microphone, eavesdrop on calls or attack sensitive personal data.
 
"Unfortunately, we were only made aware of the issue on Tuesday," said Joe Braid, chief marketing officer of SwiftKey. "We are working as hard as possible to support Samsung and help it fix the issue."
 
Simply installing another third-party keyboard, including SwiftKey's full keyboard does not fix the issue, as the Samsung keyboard continues to run in the background.
 
"There isn't a whole lot you can do except try to steer clear of networks you don't trust, where a crook might try to intercept and hack your traffic," said Paul Ducklin from security company Sophos . "The silver lining, if that's not too strong a way to describe it, is that a crook can't exploit this hole just whenever he likes: you have to be on his dodgy network when a [keyboard] update happens, and he has to notice in time to jump in as a man-in-the-middle."
 
The number of Samsung devices affected is extensive, but includes the latest Samsung Galaxy S models, including the Galaxy S6, S5 and S4.

Stay connected for more latest updates...

Comments

Post a Comment

Popular posts from this blog

Voice Calling Test

Which voice calling app uses the most data per minute? We tested the top 10 Free voice call apps, which use data to place calls, can offer a cheaper way to keep in contact with friends abroad and come to the rescue when you’ve used up your monthly minute quota. However, with multi-gigabyte data plans still often coming at a premium price, the busiest chatters out there could soon eat into their monthly allowance using voice over data calls. To shed some light on the issue, we’ve gone back over our list of  10 free call apps  to investigate just how much data these apps end up consuming. In the list you’ll find popular apps such as Hangouts, Skype, WhatApp and Viber, as well as regional favourites including Line and Nimbuzz. The test method For our test, we subjected each of these 10 apps to three separate one minute calls and recorded the amount of data used by the app after each call. These three totals were then averaged together to produce the result. Bo...
Post a Comment
Read more

WhatsApp Plus

WhatsApp Plus Latest APK Download Still Beats Original WhatsApp, Free Download Now Available WhatsApp Messenger is very addictive. This can be seen in the statistics that more than 800 million people use this app on a monthly basis, sending over 64 billion messages each day. Using WhatsApp, you can easily connect with friends from all over the world using voice calls and messages. The messages may include texts, videos, voice recordings as well as photos. More and more people are joining this platform, which is expected to reach over 1 billion users by the time the year comes to a conclusion. This is expected to be driven by the fact that the app is working on a new video calling feature as well as a way of bringing together all users from all other apps. Features of WhatsApp Plus latest APK As noted earlier, there are some features that WhatsApp users have been requesting for, but in vain. However, most of these features are...
Post a Comment
Read more

Apple Drone

Here's what an Apple drone might look like Many major tech companies are eyeing drones — Amazon, Google and even Facebook. It's unclear at this point whether Apple wants in, too, but one designer has envisioned what the company's version of a drone might look like if it ever launched one. German designer Eric Huisman mocked up a sleek drone concept called the  Apple Quadcopter , which has a minimalistic black-and-white design. It's very, well,  Apple . In a series of photos posted to his  website , which are stylized to look like Apple's traditional promotional pictures, the company's iconic logo sits in the middle of a slightly curved body, an element that Huisman says will support its many built-in cameras. Similar to a typical quadcopter, the Apple drone has four rotors and four cameras that can shoot still and panoramic photos (up to 100MP). The concept, which was first spotted by  CNET , also incorporates 4K video functionality and built-...
Post a Comment
Read more