Wednesday, June 17, 2015

Samsung Galaxy S6, the keyboard is vulnerable – Webnews

NowSecure discovered a serious vulnerability in the default keyboard of the Samsung Galaxy S6 and other smartphones from the Korean manufacturer. The bug, found in more than 600 million devices, could be used to perform various types of attacks, including the interception of conversations. The security expert Ryan Welton has reported the problem to Samsung, to CERT and to Google's Android team.

The vulnerability has been identified in the update mechanism of the virtual keyboard, which on Samsung devices is a customized version of SwiftKey. During the update procedure, executable files are not encrypted, allowing them to be replaced with infected files. Since the smartphone periodically checks for new versions of the keyboard app and language packs, an attacker could perform a man-in-the-middle attack, that is, intercept the traffic and send a modified file to the Samsung smartphone.

Since the update is given elevated privileges, any malware can easily bypass the protections included in Android that normally limit access by third-party apps. The researcher found that the vulnerability can be exploited successfully even if the user uses a keyboard other than the default. SwiftKey has, however, clarified that the original keyboard, available on the Google Play Store, is not affected by this vulnerability.

If the man-in-the-middle attack is successful, the attacker can install apps without the user's permission, intercept messages and calls, steal sensitive data (passwords) and access the sensors built into the smartphone (microphones, GPS and cameras). In the latter case, this amounts to real remote surveillance with audio recordings and photographs. Pending the patch, Welton advised avoiding unsecured WiFi connections.
