Samsung vulnerability exposed with over 600 million devices affected worldwide
NowSecure security researcher Ryan Welton has exposed a security risk that affects over 600 million Samsung devices world wide. The risk comes from the pre-installed Swiftkey keyboard. Samsung gave the app system user privileges, which is one step away from root. The app cannot be uninstalled or disabled in the system.
“If the flaw in the keyboard is exploited, an attacker could remotely:
- Access sensors and resources like GPS, camera and microphone
- Secretly install malicious app(s) without the user knowing
- Tamper with how other apps work or how the phone works
- Eavesdrop on incoming/outgoing messages or voice calls
- Attempt to access sensitive personal data like pictures and text messages”
Samsung issued a patch to mobile network providers early 2015, but it is unclear if the carriers have provided the necessary update to patch the vulnerability at this point. Check the list below to check if your device is affected
| DEVICE | CARRIER | PATCH STATUS |
| Galaxy S6 | Verizon | Unpatched |
| Galaxy S6 | AT&T | Unknown |
| Galaxy S6 | Sprint | Unpatched |
| Galaxy S6 | T-Mobile | Unknown |
| Galaxy S5 | Verizon | Unknown |
| Galaxy S5 | AT&T | Unknown |
| Galaxy S5 | Sprint | Unknown |
| Galaxy S5 | T-Mobile | Unpatched |
| Galaxy S4 | Verizon | Unknown |
| Galaxy S4 | AT&T | Unknown |
| Galaxy S4 | Sprint | Unknown |
| Galaxy S4 | T-Mobile | Unknown |
| Galaxy S4 Mini | Verizon | Unknown |
| Galaxy S4 Mini | AT&T | Unpatched |
| Galaxy S4 Mini | Sprint | Unknown |
| Galaxy S4 Mini | T-Mobile | Unknown |
What to do:
- Avoid insecure wi-fi networks
- Use a different mobile device
- Contact carriers for patch information and timing
Source
The post Samsung vulnerability exposed with over 600 million devices affected worldwide appeared first on AndroidGuys.
AIVAnet 