Around 600 million Samsung Galaxy smartphones worldwide are reportedly affected by a serious vulnerability that could hand an attacker control of the device.
The flaw lies in the SwiftKey-based keyboard that comes pre-installed on a number of Samsung devices and cannot be disabled or uninstalled.
The vulnerability, discovered by Ryan Welton, a mobile security specialist at NowSecure, could allow an attacker with a position on the victim's network to execute code as the privileged system user. It affects models including the Samsung Galaxy S6, S5, S4 and S4 mini.
The problem is in the keyboard's update mechanism. Like most software on a smartphone, the keyboard updates itself; it fetches its language packs as a ZIP archive over an unencrypted HTTP connection and makes no attempt to verify the archive's authenticity before using it. Anyone positioned between the phone and the update server (on the same Wi-Fi network, or at a compromised router or upstream hop) can therefore intercept the request, hand the phone a malicious archive in place of the real one, and have its contents processed with the keyboard's system privileges.
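The update pattern described above, set beside a hardened version, as an added example that is not code from NowSecure, Samsung or SwiftKey: the vendor publishes a detached Ed25519 signature with each archive, and the device verifies it under a pinned vendor public key before it even parses the ZIP; it also refuses any archive member whose name would escape the install directory, a standard check for anything unpacked with elevated privileges. The key pair, the archive contents and all function names are constructed for the illustration. Moving the download to HTTPS with certificate validation would additionally protect it in transit, but the signature check is what holds up against an on-path attacker or a compromised update server.

```go
package main

import (
	"archive/zip"
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"io/fs"
)

// Sample vendor key pair, generated at start-up so the example runs stand-alone.
// On a real device only vendorPub would be embedded in the updater; the private
// half stays with the vendor's release pipeline.
var vendorPub, vendorPriv, _ = ed25519.GenerateKey(rand.Reader)

// buildPack assembles an in-memory ZIP standing in for a language pack
// (constructed sample data, not a real keyboard archive).
func buildPack(files map[string]string) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for name, body := range files {
		w, err := zw.Create(name)
		if err != nil {
			panic(err)
		}
		w.Write([]byte(body))
	}
	if err := zw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// signPack is the vendor-side step: a detached Ed25519 signature over the
// exact bytes that will be published.
func signPack(archive []byte) []byte {
	return ed25519.Sign(vendorPriv, archive)
}

// readZip returns the archive's members. With rejectUnsafeNames set, a member
// whose name is absolute or contains ".." is refused, so the archive cannot
// plant files outside the updater's own directory.
func readZip(archive []byte, rejectUnsafeNames bool) (map[string]string, error) {
	zr, err := zip.NewReader(bytes.NewReader(archive), int64(len(archive)))
	if err != nil {
		return nil, err
	}
	out := make(map[string]string)
	for _, f := range zr.File {
		if rejectUnsafeNames && !fs.ValidPath(f.Name) {
			return nil, fmt.Errorf("update rejected: unsafe member name %q", f.Name)
		}
		rc, err := f.Open()
		if err != nil {
			return nil, err
		}
		data, err := io.ReadAll(rc)
		rc.Close()
		if err != nil {
			return nil, err
		}
		out[f.Name] = string(data)
	}
	return out, nil
}

// unpackInsecure mirrors the pattern the article describes: whatever arrived
// over the plain HTTP connection is unpacked as-is, with no authenticity check.
func unpackInsecure(archive []byte) (map[string]string, error) {
	return readZip(archive, false)
}

// unpackVerified is the hardened form: check the detached signature under the
// pinned vendor key first, and only then parse the ZIP. Parsing untrusted bytes
// before verification would expose the ZIP parser itself to the attacker.
func unpackVerified(archive, sig []byte) (map[string]string, error) {
	if !ed25519.Verify(vendorPub, archive, sig) {
		return nil, errors.New("update rejected: signature does not verify")
	}
	return readZip(archive, true)
}

func main() {
	legit := buildPack(map[string]string{"lang/en_US.dict": "hello world"})
	sig := signPack(legit)
	// An on-path attacker swaps the archive but cannot forge the vendor's signature.
	evil := buildPack(map[string]string{"lang/en_US.dict": "attacker payload"})

	if _, err := unpackInsecure(evil); err == nil {
		fmt.Println("insecure updater: accepted the swapped archive")
	}
	if _, err := unpackVerified(legit, sig); err == nil {
		fmt.Println("verified updater: genuine archive accepted")
	}
	if _, err := unpackVerified(evil, sig); err != nil {
		fmt.Println("verified updater:", err)
	}
}
```

The signature covers the raw archive bytes rather than the extracted files, so a tampered byte anywhere in the download, including in ZIP metadata, fails verification before any parsing happens.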
"… the keyboard was signed with Samsung's private signing key and runs in one of the most privileged contexts on the device, system user," NowSecure said in a blog post. "The vulnerability is triggered automatically (no human interaction) on reboot as well as randomly when the application decides to update [its language packs]."
According to NowSecure, Samsung was informed of the vulnerability in November 2014 and reportedly supplied a patch to mobile operators earlier this year; it is unclear, however, whether the carriers have pushed the fix out to all users.
Until Samsung confirms that the fix has reached their device, Galaxy owners are advised to avoid untrusted Wi-Fi networks. That only lowers the odds of an attacker sitting in the network path: because the download is plain HTTP, any compromised hop between the phone and the update server can still substitute the archive, and since the keyboard cannot be disabled or removed, the vendor patch is the only complete remedy.
