TipRadar.com - Forums and community

Attention! Samsung Keyboard Security Risk Disclosed: 600M+ Devices Worldwide Impacted
Quote: Over 600 million Samsung mobile device users have been affected by a significant security risk on leading Samsung models, including the recently released Galaxy S6. The risk comes from a pre-installed keyboard that allows an attacker to remotely execute code as a privileged (system) user.

This flaw was uncovered by NowSecure mobile security researcher Ryan Welton. Samsung was notified in December of 2014. Given the magnitude of the issue, NowSecure notified CERT who assigned CVE-2015-2865, and also informed the Google Android security team.

If the flaw in the keyboard is exploited, an attacker could remotely:

• Access sensors and resources like GPS, camera and microphone
• Secretly install malicious app(s) without the user knowing
• Tamper with how other apps work or how the phone works
• Eavesdrop on incoming/outgoing messages or voice calls
• Attempt to access sensitive personal data like pictures and text messages

Quote: While Samsung began providing a patch to mobile network operators in early 2015, it is unknown if the carriers have provided the patch to the devices on their network. In addition, it is difficult to determine how many mobile device users remain vulnerable, given the device models and number of network operators globally.

How to detect it
See if your Samsung mobile device is on this list. There are several Samsung mobile devices impacted. As of June 16 2015, this is the known (but not all-inclusive) list of impacted devices by carrier with patch status:

Device - Carrier - Patch Status
Galaxy S6 - Verizon - Unpatched
Galaxy S6 - AT&T - Unknown
Galaxy S6 - Sprint - Unpatched
Galaxy S6 - T-Mobile - Unknown
Galaxy S5 - Verizon - Unknown
Galaxy S5 - AT&T - Unknown
Galaxy S5 - Sprint - Unknown
Galaxy S5 - T-Mobile - Unpatched
Galaxy S4 - Verizon - Unknown
Galaxy S4 - AT&T - Unknown
Galaxy S4 - Sprint - Unknown
Galaxy S4 - T-Mobile - Unknown
Galaxy S4 Mini - Verizon - Unknown
Galaxy S4 Mini - AT&T - Unpatched
Galaxy S4 Mini - Sprint - Unknown
Galaxy S4 Mini - T-Mobile - Unknown

Reduce your risk
Unfortunately, the flawed keyboard app can’t be uninstalled. Also, it isn’t easy for the Samsung mobile device user to tell if the carrier has patched the problem with a software update. However, there are a few initial remedies the mobile device user can take for protection:

• Avoid insecure wi-fi networks
• Use a different mobile device
• Contact carriers for patch information and timing

Thanks