Chicago-based mobile security company, NowSecure, has published a report that over 600 million Samsung smartphones, including the Galaxy S6, are affected by a security flaw in a pre-installed keyboard that, if left unpatched, can allow an attacker to remotely access the phone and install malware.
The security risk comes from the pre-installed system-level SwiftKey Keyboard app (which SwiftKey refer to as the “Samsung stock keyboard using the SwiftKey SDK”) on Samsung devices. According to NowSecure, “a remote attacker capable of controlling a user’s network traffic can manipulate the keyboard update mechanism on Samsung phones and execute code as a privileged (system) user on the target’s phone.” In addition, the pre-installed app cannot be disabled or uninstalled, installing the Play Store version does not remove the vulnerability, and can still be exploited even when it is not used as a default keyboard.
Here are some of the things an attacker could do with the keyboard exploit:
1. Access sensors and resources like GPS, camera and microphone
2. Secretly install malicious app(s) without the user knowing
3. Tamper with how other apps work or how the phone works
4. Eavesdrop on incoming/outgoing messages or voice calls
5. Attempt to access sensitive personal data like pictures and text messages
NowSecure notified Samsung of the security flaw in December 2014 as well as the Google Android security team. Samsung started providing a patch to mobile network operators in early 2015, however, it is still unknown how many devices remain vulnerable and that it is difficult for the user to know if the carrier has already patched the problem. For now, NowSecure suggests the following to reduce the risk of an attack on your device:
* Avoid insecure Wi-fi networks
* Use a different mobile device
* Contact carriers for patch information and timing
For more details about the report, hit the source link below.
source: NowSecure
via: GSMArena
The post 600M Samsung smartphones vulnerable to keyboard hack appeared first on YugaTech | Philippines, Tech News & Reviews.