Wednesday, June 17, 2015

600 million Samsung Galaxy owners at risk of malicious … – dobreprogramy

NowSecure's experts estimate that at least 600 million people are at risk: everyone who, over the past years, bought one of the most powerful Samsung smartphones that use IME, a variant of the SwiftKey keyboard reworked by the Korean manufacturer. An ingenious attack makes it possible to take control of the device, giving attackers access to the camera and microphone, the ability to read the contact list and messages, and even to remotely install their own malicious applications.
 

Yesterday at the BlackHat conference in London, Ryan Welton, a NowSecure employee, presented his discovery. From his explanation it follows that the keyboard used in Samsung smartphones relies on an unencrypted update mechanism. Consequently, an attacker who intercepts the communication within the same network in a man-in-the-middle attack can impersonate the update server.

The problem would not be so serious were it not for the fact that the keyboard application, without asking for the user's consent, regularly polls the manufacturer's server for the availability of updates to itself or to its language packs. Worse, the update process runs with very high privileges, bypassing Android's normal security protections. An unencrypted file that may contain hostile code, with access to all system functions: someone here really was very "ingenious".

This is all the more surprising because someone evidently did think about securing this update mechanism, but the idea was not particularly successful. The contents of the update file are supposed to match what is given in the manifest file, including the SHA-1 hash it contains. Of course, forging such a manifest file, as Welton describes, is not difficult.
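The weakness of that design, shown as an added example that is not code from Samsung, SwiftKey or NowSecure: a hash listed in a manifest only proves integrity if the manifest itself is authenticated. The manifest layout, file name and key below are constructed assumptions, and HMAC with a fixed key stands in for the asymmetric vendor signature a real updater would verify.

```python
import hashlib
import hmac
import json

# Constructed sample data; manifest layout and key are assumptions for this example.
VENDOR_KEY = b"constructed-demo-key"  # stand-in for a vendor signing key
GENUINE = b"language pack v2 (constructed sample)"
TAMPERED = b"replaced in transit (constructed sample)"


def make_manifest(payload: bytes, name: str = "lang.zip") -> bytes:
    """Build a manifest that lists the payload's SHA-1 hash."""
    entry = {"file": name, "sha1": hashlib.sha1(payload).hexdigest()}
    return json.dumps(entry, sort_keys=True).encode()


def sign(manifest: bytes, key: bytes) -> str:
    """Authentication tag over the manifest bytes (HMAC as a signature stand-in)."""
    return hmac.new(key, manifest, hashlib.sha256).hexdigest()


def hash_only_check(manifest: bytes, payload: bytes) -> bool:
    """Weak: the manifest arrives over the same unauthenticated channel as the payload."""
    expected = json.loads(manifest)["sha1"]
    return hmac.compare_digest(expected, hashlib.sha1(payload).hexdigest())


def authenticated_check(manifest: bytes, tag: str, payload: bytes, key: bytes) -> bool:
    """Hardened: authenticate the manifest first, then compare the payload hash."""
    if not hmac.compare_digest(sign(manifest, key), tag):
        return False
    return hash_only_check(manifest, payload)


def demo() -> dict:
    genuine_manifest = make_manifest(GENUINE)
    genuine_tag = sign(genuine_manifest, VENDOR_KEY)
    # Whoever controls the network path can rewrite both files, but cannot make a valid tag.
    rewritten_manifest = make_manifest(TAMPERED)
    return {
        "hash_only_genuine": hash_only_check(genuine_manifest, GENUINE),
        "hash_only_rewritten": hash_only_check(rewritten_manifest, TAMPERED),
        "auth_genuine": authenticated_check(genuine_manifest, genuine_tag, GENUINE, VENDOR_KEY),
        "auth_rewritten": authenticated_check(rewritten_manifest, genuine_tag, TAMPERED, VENDOR_KEY),
        "auth_payload_swap": authenticated_check(genuine_manifest, genuine_tag, TAMPERED, VENDOR_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

The hash-only check accepts the rewritten pair because both files came from the same untrusted source; the authenticated check rejects it, and also rejects a swapped payload under the genuine manifest.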

Worse still, even if you switch to a safe keyboard, the problem persists. Samsung IME will still be there and will still poll the update server; the attacker only has to wait until such a request is sent. So what can be done? Unfortunately, there is currently no solution to this problem for owners of phones without root, who are after all the majority. Avoid unsecured Wi-Fi networks, although even that does not help if the attackers take over, for example, the DNS server of some public network. Users of rooted smartphones should of course remove the Samsung IME keyboard as soon as possible.

Research has shown that only Samsung is to blame here. It is true that the flaw has its roots in how the SwiftKey keyboard SDK works, but in the current version from the Play Store the threat is gone. In addition, the app installed through Google's mechanism does not have the privileges held by its reworked version from the Korean manufacturer.
 

Ryan Welton said that Samsung, which had been notified earlier, has admittedly already prepared a patch for the vulnerable Galaxy smartphones, but this is of no significance. The patch went to the telecom operators that sell Samsung phones, which would now have to roll it out as an OTA update. And we know full well how eager the telecoms are to ship security updates for phone models they have already sold to customers.

More information about the attack mechanism can be found on the NowSecure company blog.
