

In a statement, SwiftKey says it is "doing everything we can to support our long-time partner Samsung in their efforts to resolve this obscure but important security issue." Mitigating steps suggested by NowSecure include avoiding insecure Wi-Fi networks, contacting your carrier for more information - or, most effectively, just "use a different mobile device." Not only does SwiftKey come pre-installed on devices, it can't be uninstalled, leaving users constantly vulnerable until their carrier rolls out the patch.

So what can users do to stop this happening? Very little, actually. Welton also told Forbes that "Fully remote attacks are also feasible by hijacking the Domain Name System (DNS), the network layer that directs user traffic to the right website after they ask to visit a particular URL, or by compromising a router or internet service provider from afar." The company estimates as many as 600 million devices could be affected.

Devices are vulnerable when they log on to insecure networks, such as a public Wi-Fi hotspot. Recent NowSecure tests found that the Galaxy S6 is unpatched on both the Verizon and the Sprint network in the US, as well as the T-Mobile Galaxy S5, AT&T Galaxy S4 Mini, and multiple other devices.

NowSecure researcher Ryan Welton says that the company notified Samsung in December 2014, and the company produced a patch in "early 2015." However, Samsung is reliant on carriers to roll out the patch, and "it is unknown if the carriers have provided the patch to the devices on their network. In addition, it is difficult to determine how many mobile device users remain vulnerable, given the devices models and number of network operators globally."

In short: Samsung can produce the best fixes in the world, but they're no good to anyone if the carriers don't push them to their users.
Here's what NowSecure claims attackers can remotely do using the vulnerability:

- Access sensors and resources like GPS, camera and microphone.
- Secretly install malicious app(s) without the user knowing.

A major vulnerability in software that comes bundled with Samsung phones has left as many as 600 million Samsung smartphone owners at risk of hacking, according to a report in Forbes.

Samsung gives the SwiftKey typing software included on its devices system-level access, and the software also installs updates in plain text, security company NowSecure says. Combined, the two make it possible for an intruder to hijack the update and remotely execute code and malicious programs.
