
Samsung Keyboard Bug

Samsung Keyboard Bug Leaves 600m Android Devices Exposed to Hackers










A vulnerability in Samsung's Android keyboard, which is installed on over 600m devices worldwide, could allow hackers to take full control of the smartphone or tablet.
 
The security bug revolves around the update mechanism of the built-in keyboard, which looks for language updates for trending phrases either daily or weekly.
 
"The keyboard was signed with Samsung's private signing key and runs in one of the most privileged contexts on the device, system user, which is a notch short of being root," said researcher Ryan Welton from security company NowSecure who discovered the hole.
 
The problem was discovered last year. NowSecure told Samsung about the bug in December. Samsung asked NowSecure to keep the discovery under wraps until it could patch the problem. Google's Android security team was also notified.
 
However, six months on, it is unclear whether the patch is out. Samsung started that process in early 2015 but, unlike Apple with its direct model of software updates, it is beholden to mobile phone providers to push out updates to their users.
It is unclear whether that has happened and on what scale users have updated their devices.

Users stuck even if they install another keyboard

"Unfortunately, the flawed keyboard app can't be uninstalled or disabled," said Welton. "It isn't easy for the Samsung mobile device user to tell if the carrier has patched the problem with a software update."
 
The problem surrounds Samsung's integration of SwiftKey's underlying keyboard engine into its own keyboard software. SwiftKey essentially provides the brains for detecting what a user is trying to type, and Samsung does the rest, producing the completed keyboard and pre-installing it on its devices.
 
The Guardian understands that the fault lies within Samsung's code. SwiftKey-based keyboards on other Android devices from other manufacturers, and SwiftKey's apps from the Google Play Store or for the iPhone, are unaffected.
 
If the Samsung Android device is connected to a malicious Wi-Fi network when the keyboard attempts to update its trending phrases and language pack, a hacker could replace the update with a backdoor, gaining almost complete access to the phone.
 
According to NowSecure, a hacker could remotely access a smartphone's sensors, such as GPS, the camera or microphone, eavesdrop on calls or attack sensitive personal data.
 
"Unfortunately, we were only made aware of the issue on Tuesday," said Joe Braid, chief marketing officer of SwiftKey. "We are working as hard as possible to support Samsung and help it fix the issue."
 
Simply installing another third-party keyboard, including SwiftKey's full keyboard, does not fix the issue, as the Samsung keyboard continues to run in the background.
 
"There isn't a whole lot you can do except try to steer clear of networks you don't trust, where a crook might try to intercept and hack your traffic," said Paul Ducklin from security company Sophos. "The silver lining, if that's not too strong a way to describe it, is that a crook can't exploit this hole just whenever he likes: you have to be on his dodgy network when a [keyboard] update happens, and he has to notice in time to jump in as a man-in-the-middle."
 
The number of Samsung devices affected is extensive and includes the latest Samsung Galaxy S models, including the Galaxy S6, S5 and S4.
