View the article’s original source
Author: Omar Sohail
It is high time that despite the level of security introduced in Android devices, particularly Samsung and its KNOX platform, consumers should accept that there will still be an element of a security breach. However, a serious issue might plague more than 600 million Samsung mobile devices thanks to the company’s default keyboard application SwiftKey being afflicted with what is being called as a remote code execution attack.
Samsung Devices Could Be Exploited Through Unwanted Access To Contact Data, Text Messages, Bank Logins, And Much More
According to Forbes, the problem was isolated by Ryan Welton, an individual who belongs to mobile security specialists called NowSecure. Thanks to the vulnerability, it was possible for Welton to send malicious security updates to affected devices through a proxy server. Additionally he found loopholes which allowed him to tap in to more than just the contact data present inside the mobile device’s owner.
The sources states that if the wrong hands took advantage of the exploit, then text messages, bank logins and other information that the user deemed private would become instantly available to the other party. After being alerted to the issue way back in November 2014, tech giant Samsung had told NowSecure that it was busy working on a patch in order to secure devices. However, it appears that the problem has still persisted.
Welton, after successfully replicating the attack on a Galaxy S6 running on the carrier Verizon stated that:
“We can confirm that we have found the flaw still unpatched on the Galaxy S6 for the Verizon and Sprint networks, in off the shelf tests we did over the past couple of days.”Advertisements
Given below is a list of devices that could be affected, along with others as well:
- Galaxy S3
- Galaxy S4
- Galaxy S5
- Galaxy Note 3
- Galaxy Note 4
A SwiftKey spokesperson has mentioned the following regarding the attack:
“We’ve seen reports of a security issue related to the Samsung keyboard. We can confirm that the SwiftKey Keyboard apps available via Google Play or the Apple App Store are not affected by this vulnerability. We take reports of this manner very seriously and are currently investigating further.”
NowSecure has reported that downloading a new version of SwiftKey will not remove the issue. Instead, a carrier upgrade will be mandatory in order for the vulnerability to be removed completely. Samsung device owners will now to face a mind boggling conundrum since the default keyboard application cannot be uninstalled.
Instead, Samsung and its diligent employees are going to have to work tirelessly in order to make sure that the attack cannot make its mark on thousands of unsuspecting Samsung device owners. Let us hope that these individuals are able to roll out a solution in record time.
Image source: Softpedia
The post 600 Million Samsung Devices Could Be Vulnerable To Remote Code Execution Attack by Omar Sohail appeared first on WCCFtech.
All of these texts are owned by its respective writers and are published here under a Creative Commons License. Visit the author’s website (see link below the title of this post) to determine the actual terms of the license.