Thursday, 18 June 2015

Serious Vulnerability in Keyboard Software on Samsung Smartphones

Researchers have found a vulnerability in the keyboard software installed on many Samsung smartphones that could allow an attacker positioned between the user and the Internet to execute arbitrary code with system privileges on the device. Samsung Galaxy S phones, including the S4 Mini, S4, S5 and S6, ship with a version of the SwiftKey keyboard as standard.

This software runs with system privileges by default and regularly checks for updates. However, this check takes place over HTTP, which means that it is vulnerable to man-in-the-middle attacks. An attacker who can intercept the update check and then offer a malicious update can execute arbitrary code with system privileges. Even if the software is not used, it can still be attacked, according to researchers from NowSecure, who published a web page where users can check whether they are vulnerable. According to the researchers, the problem is present on about 600 million devices.

The CERT Coordination Center (CERT/CC) at Carnegie Mellon University says that the probability of an attack, depending on how often the software checks for updates, may be small. Samsung has now released a firmware update to telecom providers. Users who have not yet received the over-the-air update are advised to avoid untrusted networks, including open Wi-Fi networks. The use of untrusted networks increases the chance of becoming a victim of a man-in-the-middle attack, according to the CERT/CC.
