Daily Archives: June 18, 2015
Earlier today, while speaking at the Black Hat Mobile Security Summit in London, security researcher Ryan Welton of NowSecure disclosed a software vulnerability in Samsung phones that could put upwards of 600 million devices at risk.
The problem is rooted in the default Swift keyboard that comes pre-installed on Samsung’s lineup of Galaxy smartphones. Welton explained that because the keyboard software checks for updated language packs over an unencrypted connection, he was able to stand up a spoofed proxy server in the path of that traffic and use it to implant malicious code on vulnerable devices.
Notably, the Swift keyboard cannot be disabled or uninstalled. What’s more, even users who change their default keyboard to something else can still be targeted, because the stock keyboard keeps performing its update check.
Once a Galaxy keyboard has been exploited, NowSecure explains that an attacker can remotely accomplish the following:
1. Access sensors and resources like GPS, camera and microphone
2. Secretly install malicious app(s) without the user knowing
3. Tamper with how other apps work or how the phone works
4. Eavesdrop on incoming/outgoing messages or voice calls
5. Attempt to access sensitive personal data like pictures and text messages
NowSecure’s technical explanation of how the attack is carried out reads in part:
The attack vector for this vulnerability requires an attacker capable of modifying upstream traffic. This can include geographically proximate attacks such as rogue Wi-Fi access points or cellular base stations, or attacks from local users on a network, including ARP poisoning. Fully remote attacks are also feasible via DNS Hijacking, packet injection, a rogue router or ISP, etc.
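The two passages above describe the same weakness from two sides: a client that fetches updates over an unencrypted, unauthenticated channel, and an attacker who only needs to sit somewhere on that path (rogue access point, ARP poisoning, DNS hijack, rogue proxy or ISP) to rewrite the response. The example below is added here to make that concrete; it is not Samsung’s, SwiftKey’s or NowSecure’s code and does not reproduce the actual exploit. The language-pack format, URLs, version numbers and the manifest key are all made up, and the on-path attacker is modelled as a function that substitutes responses for chosen URLs. The hardened client uses an HMAC-signed manifest purely so the example runs on the standard library; a real update system would ship the vendor’s public key and verify an asymmetric signature, and would also move the transport to TLS with certificate validation as the first fix.

```python
"""Why a plaintext, unauthenticated language-pack update is exploitable from an
on-path position, and what a hardened client checks before installing.

Added illustration only: not code from Samsung, SwiftKey or NowSecure. The pack
format, URLs, versions and keys are constructed for this example.
"""
import hashlib
import hmac
import json

# Constructed sample payloads.
GENUINE_PACK_V2 = b"LANGPACK en_US v2: older dictionary data"
GENUINE_PACK_V3 = b"LANGPACK en_US v3: current dictionary data"
MALICIOUS_PACK = b"LANGPACK en_US v9: attacker-controlled code"

# Hypothetical vendor key. A real deployment would ship the vendor's public key
# and use an asymmetric signature; HMAC is used only so this runs on stdlib.
VENDOR_KEY = b"example-vendor-manifest-key"
ATTACKER_KEY = b"attacker-does-not-know-the-vendor-key"


def sign_manifest(pack: bytes, version: int, key: bytes) -> bytes:
    """Manifest = JSON(version, sha256 of pack) + newline + HMAC-SHA256 tag."""
    body = json.dumps({"version": version,
                       "sha256": hashlib.sha256(pack).hexdigest()}).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag


def make_fetch(overrides=None):
    """Return a fetch(url) function modelling the network. `overrides` stands in
    for an on-path attacker (rogue AP, ARP poisoning, DNS hijack, rogue proxy)
    rewriting plaintext HTTP responses; with no overrides the network is honest."""
    responses = {
        "http://updates.example/en_US.pack": GENUINE_PACK_V3,
        "http://updates.example/en_US.manifest":
            sign_manifest(GENUINE_PACK_V3, 3, VENDOR_KEY),
    }
    responses.update(overrides or {})
    return lambda url: responses[url]


def vulnerable_client(fetch) -> bytes:
    """Fetches the pack over plaintext HTTP and installs whatever comes back.
    Whoever can rewrite the response decides what gets installed."""
    return fetch("http://updates.example/en_US.pack")


def hardened_client(fetch, installed_version: int):
    """Installs a pack only if the manifest signature verifies, the manifest is
    newer than what is installed, and the pack's digest matches the manifest.
    Returns (pack, version) on success or (None, reason) on refusal."""
    manifest = fetch("http://updates.example/en_US.manifest")
    body, _, tag = manifest.rpartition(b"\n")
    expected = hmac.new(VENDOR_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None, "bad manifest signature"
    meta = json.loads(body)
    if meta["version"] <= installed_version:
        return None, "downgrade or replay"
    pack = fetch("http://updates.example/en_US.pack")
    if hashlib.sha256(pack).hexdigest() != meta["sha256"]:
        return None, "pack digest mismatch"
    return pack, meta["version"]


def demo():
    """Run both clients against an honest network and three attacker positions:
    pack swapped, pack swapped with a forged manifest, and an old pack replayed."""
    honest = make_fetch()
    swapped = make_fetch({"http://updates.example/en_US.pack": MALICIOUS_PACK})
    forged = make_fetch({
        "http://updates.example/en_US.pack": MALICIOUS_PACK,
        "http://updates.example/en_US.manifest":
            sign_manifest(MALICIOUS_PACK, 9, ATTACKER_KEY),
    })
    replay = make_fetch({
        "http://updates.example/en_US.pack": GENUINE_PACK_V2,
        "http://updates.example/en_US.manifest":
            sign_manifest(GENUINE_PACK_V2, 2, VENDOR_KEY),
    })
    return {
        "vulnerable_installs_attacker_pack": vulnerable_client(swapped) == MALICIOUS_PACK,
        "hardened_honest": hardened_client(honest, 2),
        "hardened_swapped": hardened_client(swapped, 2),
        "hardened_forged": hardened_client(forged, 2),
        "hardened_replay": hardened_client(replay, 2),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The vulnerable client has no way to tell the attacker’s response from the vendor’s, which is the whole of the attack. The hardened client refuses the swapped pack (digest mismatch), the forged manifest (bad signature) and the replayed older pack (version check), and accepts only the genuine newer one. Encrypting the transport stops the rogue-AP and ARP-poisoning positions, but the end-to-end signature check is what also covers a rogue proxy or a compromised download server, which is why both belong in an update client.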
While NowSecure notes that Samsung released a software patch to mobile carriers in early 2015, it’s not yet clear which carriers “have provided the patch to the devices on their network.”
In a statement on the matter, SwiftKey said the following:
We’ve seen reports of a security issue related to the Samsung stock keyboard that uses the SwiftKey SDK. We can confirm that the SwiftKey Keyboard app available via Google Play or the Apple App Store is not affected by this vulnerability. We take reports of this manner very seriously and are currently investigating further.
The list of vulnerable devices includes the Galaxy S4, the S4 Mini, the S5, and the recently released S6. The following chart breaks down which devices on which carriers are at risk, which is to say, all of them.
As you might have heard, a report from yesterday revealed a vulnerability in Samsung’s Swift keyboard that attackers could exploit to eavesdrop on your calls and messages, change how your apps behave, and do a good deal more.
Now, for those who are unfamiliar, SwiftKey’s technology helps power Samsung’s Swift keyboard, and for those who have concluded that this means SwiftKey’s own keyboard suffers from the same vulnerability, think again. SwiftKey has since posted an update on its blog reassuring users that its keyboard is not affected.
According to SwiftKey, “This vulnerability is unrelated to and does not affect our SwiftKey consumer apps on Google Play and the Apple App Store. We supply Samsung with the core technology that powers the word predictions in their keyboard. It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability.”
SwiftKey also adds that it is working with Samsung to help resolve the issue. In the meantime, Samsung has released a statement saying it will deliver the patch through its KNOX service. So if you use SwiftKey’s own app from Google Play or the App Store rather than Samsung’s stock keyboard, you can rest assured that you are not affected.