Skip to main content

Samsung Keyboard Bug

Samsung Keyboard Bug Leaves 600m Android Devices Exposed to Hackers










A vulnerability in Samsung's Android keyboard installed on over 600m devices worldwide could allow hackers to take full control of the smartphone or tablet.
 
The security bug revolves around the update mechanism of the built-in keyboard, which looks for language updates for trending phrases either daily or weekly.
 
"The keyboard was signed with Samsung's private signing key and runs in one of the most privileged contexts on the device, system user, which is a notch short of being root," said researcher Ryan Welton from security company NowSecure who discovered the hole.
 
The problem was discovered last year. NowSecure told Samsung about the bug in December. Samsung asked NowSecure to keep the discovery under wraps until it could patch the problem. Google's Android security team was also notified.
 
However, six months on it is unclear whether the patch is out. Samsung started that process in early 2015, but unlike Apple's direct model of software updates, is beholden to mobile phone providers to push out updates to their users.
It is unclear whether that has happened and on what scale users have updated their devices.

Users stuck even if they install another keyboard

"Unfortunately, the flawed keyboard app can't be uninstalled or disabled," said Welton. "It isn't easy for the Samsung mobile device user to tell if the carrier has patched the problem with a software update."
 
The problem surrounds Samsung's integration of Swiftkey's underlying keyboard engine into its own keyboard software. Swiftkey essentially provides the brains for detecting what a user is trying to type and Samsung does the rest producing the completed keyboard and pre-installing it on its devices.
 
The Guardian understands that the fault lies within Samsung's code. SwiftKey-based keyboards on other Android devices from other manufacturers, and SwiftKey's apps from the Google Play Store or for the iPhone are unaffected .
 
If the Samsung Android device is connected to a malicious Wi-Fi network when the keyboard attempts to update its trending phrases and language pack, a hacker could substitute the update for a backdoor into the phone giving a hacker almost complete access to the phone.
 
According to NowSecure a hacker could remotely access a smartphone's sensors, such as GPS, the camera or microphone, eavesdrop on calls or attack sensitive personal data.
 
"Unfortunately, we were only made aware of the issue on Tuesday," said Joe Braid, chief marketing officer of SwiftKey. "We are working as hard as possible to support Samsung and help it fix the issue."
 
Simply installing another third-party keyboard, including SwiftKey's full keyboard does not fix the issue, as the Samsung keyboard continues to run in the background.
 
"There isn't a whole lot you can do except try to steer clear of networks you don't trust, where a crook might try to intercept and hack your traffic," said Paul Ducklin from security company Sophos . "The silver lining, if that's not too strong a way to describe it, is that a crook can't exploit this hole just whenever he likes: you have to be on his dodgy network when a [keyboard] update happens, and he has to notice in time to jump in as a man-in-the-middle."
 
The number of Samsung devices affected is extensive, but includes the latest Samsung Galaxy S models, including the Galaxy S6, S5 and S4.

Stay connected for more latest updates...

Comments

Post a Comment

Popular posts from this blog

Apple Drone

Here's what an Apple drone might look like Many major tech companies are eyeing drones — Amazon, Google and even Facebook. It's unclear at this point whether Apple wants in, too, but one designer has envisioned what the company's version of a drone might look like if it ever launched one. German designer Eric Huisman mocked up a sleek drone concept called the  Apple Quadcopter , which has a minimalistic black-and-white design. It's very, well,  Apple . In a series of photos posted to his  website , which are stylized to look like Apple's traditional promotional pictures, the company's iconic logo sits in the middle of a slightly curved body, an element that Huisman says will support its many built-in cameras. Similar to a typical quadcopter, the Apple drone has four rotors and four cameras that can shoot still and panoramic photos (up to 100MP). The concept, which was first spotted by  CNET , also incorporates 4K video functionality and built-...
Post a Comment
Read more

Android

Android 5.0.1 Lollipop Rolls Out to Samsung Galaxy Note, Galaxy Note Edge, Galaxy S4, Galaxy S4 LTE, Galaxy S4 Active, And More Samsung Electronics is one of the pioneering smartphone brands that has started rolling out Android 5.0.1 Lollipop update. The South Korean tech titan starts the intermittent update across the globe since February, including devices Galaxy Note Edge, Galaxy Note 2, and Galaxy S4 variants. Samsung first rolled out Galaxy Note Edge Android 5.0.1 Lollipop in  Australia   last February 13. The update brings in new TouchWiz user-interface with bloatware removed, many performance improvements and bug fixes. The update will soon be available in more regions before March ends. Galaxy Note owners in Poland first had a taste of the latest Android mobile OS. Available via over-the-air (OTA) and KIES, the update is about 750 MB in size. It brings in a Material Design touch to the TouchWiz user-interface, faster performance, lock ...
Post a Comment
Read more

Apple Car

Could This Be The Apple Car? There’s been plenty written about the potential Apple car. Now, though, we have an interesting guess as to what it might look like when it hits the road. This version is quintessentially Apple with smooth lines, tons of technology, and that iconic Apple logo prominently featured. These Apple car concepts were drawn up by  CarWow ,and they include both interior and exterior design possibilities. It starts by taking a cue from Tesla with an absentee grille and flowing, aerodynamic lines that look a bit like the Magic Mouse. Colors are white, black, and gold in a nod to the newest iPhones with carbon-fiber reinforced plastics that include a coating to keep dirt from marring that perfect finish. The wheels are designed to cut drag and look good. The interior is where it suddenly looks like no other car. There’s a fingerprint-reading home button on the driver and passenger front doors and it’s all unlocked from the outside with a left to rig...
Post a Comment
Read more