Massive Security Flaw Puts 600 Million Samsung Smartphones at Risk

A huge vulnerability in software that comes pre-installed on Samsung phones is reportedly putting as many as 600 million mobile device users at risk of being hacked. Mobile security firm NowSecureEUs Ryan Welton uncovered an issue in the SwiftKey keyboard that comes bundled with Samsung phones, including the Galaxy S3, S4, S5, S6, and Galaxy Note 3 and 4.

SwiftKey bills itself as having an EUautocorrect that actually works.EU The software lets you slide from letter to letter rather than tap the keys. But there may be a price to pay for Samsung users looking for a more productive way to type out messages because the keyboard allows an attacker to remotely execute code as a privileged system user, according to Welton.

EUItEUs unfortunate but typical for OEMs and carriers to pre-install third-party applications to a device. In some cases these applications are run from a privileged context,EU Welton said. EUThe Swift keyboard comes pre-installed on Samsung devices and cannot be disabled or uninstalled. Even when it is not used as the default keyboard, it can still be exploited.EU

A Notch Short of Root Access

Essentially, the code reveals that the keyboard was signed with SamsungEUs private signing key and runs in one of the most privileged contexts on the device -- system user. ThatEUs just a notch short of being root. The good news is not just any novice attacker can tap the vulnerability.

EUThe attack vector for this vulnerability requires an attacker capable of modifying upstream traffic,EU Welton said. EUThe vulnerability is triggered automatically -- no human interaction -- on reboot as well as randomly when the application decides to update.EU

The vulnerability opens the door to geographically proximate attacks -- such as rogue Wi-Fi access points or cellular base stations -- or attacks from local users on a network, including ARP poisoning. Welton...

Comments are closed.