Samsung Devices Are Vulnerable To Hackers’ Attacks
A new bug in Samsung-customized version of SwiftKey has made 600 million Samsung phones vulnerable to hackers’ attacks. Hackers can manipulate the Samsung Galaxy S6, S5, and several other Galaxy models to monitor the camera and microphone, access the messaging app, and induct malware, a security researcher has discovered.
Ryan Welton, a researcher with security firm NowSecure, demonstrated the exploit on Tuesday at the Blackhat security conference.
According to the researcher, auto-update feature of the Samsung’s variant of SwiftKey doesn’t engage any authentication mechanism while downloading the updates, leaving hackers unrestricted to upload any malware app.
According to a news source, absence of the transport layer security encryption leads the way for man-in-the-middle tempering.
Welton has elucidated that the bug isn’t limited to Samsung IME keyboard. That is, even if the phone is configured to non-SwiftKey keyboard, hackers can use the exploit. Similarly, the hackers can make their move no matter the update is legitimate or not.
Although the SwiftKey is available as a third-party app for all Android phones, non-Samsung devices are apparently secure, thanks to Google Play update mechanism.
Samsung users can reduce the vulnerability by averting the unsecured Wi-Fi networks. But there isn’t any egress, which could be considered as absolutely secure.
Welton has forwarded the exploit report to Samsung, Google, and the US CERT, which designated the vulnerability CVE-2015-2865.
According to a news source, the bug is chiefly rooted in the software developer kit provided by SwiftKey, but Samsung’s implementation wasn’t without error too.
Samsung has not commented on the scenario yet. SwiftKey has, however, explained its position in an emailed statement. The company wrote:
We’ve seen reports of a security issue related to the Samsung stock keyboard that uses the SwiftKey SDK. We can confirm that the SwiftKey Keyboard app available via Google Play or the Apple App Store is not affected by this vulnerability. We take reports of this manner very seriously and are currently investigating further.