A vulnerability in Samsung smartphones has been discovered that could allow hackers to gain access to the system and do as they please. The issue lies with the update mechanism on Samsung’s version of the SwiftKey keyboard installed on all Samsung Galaxy phones, which isn’t encrypted and could be subjected to man-in-the-middle attacks.
The Samsung IME keyboard (which is what Samsung calls its customised version of SwiftKey) periodically checks in with an authorised server to see if there is an update available. Due to the unsecured nature of this traffic, it isn’t too difficult for hackers to hijack the traffic and fool the system into downloading their own malicious payload. Samsung grants elevated privileges to these upgrades, which allows the hackers to use it to circumvent the protections built into Android.
Researcher Ryan Welton demonstrated the attack during a BlackHat security conference this week, and has pointed out that it still works even if the owner of the phone does not use the Samsung IME keyboard; the update mechanism still checks with the server even if the user never uses the keyboard. Fortunately for other SwiftKey users, this vulnerability does not extend to them as updates go through the Google Play update mechanism and prevents this from happening.
There is little that Samsung Galaxy users can do about the vulnerability except wait for it to be patched. It is understood that Samsung is aware of the problem, and has pushed out a security patch to carriers. Most users should be receiving the fix soon; although those that rely on network operators to push out updates may be waiting a bit longer.
[Source: Ars Technica]