Thursday, June 18, 2015

Samsung Galaxy S5 and S6 users seriously threatened – Antyweb

Users of Samsung phones have not had an easy life recently. In April there were reports of risks associated with the fingerprint reader, and the problem now described by Niebezpiecznik is much larger. It concerns more than 600 million users, and those who use Samsung's software must be on guard.

It turns out that the S5 and S6 models can be turned into … listening bugs. Gaining access to the camera and microphone is possible "thanks" to a vulnerability in the IME keyboard, based on SwiftKey, which Samsung modified. In addition, incoming and outgoing SMS messages can be read on the victim's phone, and unwanted software can be installed. Unfortunately, even if you use a keyboard other than the system one, the problem still affects you. What exactly is going on? Niebezpiecznik.pl explains:

The problem stems from the fact that when the IME keyboard downloads language pack updates, the connection is not fully encrypted (the *.zip files are not covered by encryption). Attackers who are on the route of your packets (e.g. hotspot owners, operators, or other users of the local network who perform ARP spoofing attacks) can therefore replace the package you download with a malicious one. Because a process with elevated privileges is responsible for the update, the planted code can bypass Android's built-in restriction (sandboxing) – to get out to a directory other than the application's, the researcher took advantage of a well-known trick of giving the payload in the .zip file a name like "../../../../here/payload".

Like Niebezpiecznik, we advise replacing Samsung's original software with another solution, e.g. CyanogenMod. Another solution is to root the phone and delete the IME files. If you do neither of these, definitely avoid open Wi-Fi networks (hotspots) or consider using a VPN.
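The archive-name trick quoted above can be caught before anything is unpacked. The following Python sketch is an added example, not code from Niebezpiecznik, Samsung or SwiftKey: the function names, the destination directory and the pinned SHA-256 digest (assumed to reach the device over an authenticated channel) are assumptions, and the sample archives are constructed in memory.

```python
import hashlib
import io
import os
import zipfile

DEST = "/tmp/ime_langpacks"  # hypothetical extraction directory


def unsafe_entries(zip_bytes, dest_dir=DEST):
    """Return the entry names that would be written outside dest_dir."""
    root = os.path.realpath(dest_dir)
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            # Resolve where the entry would land, including ".." and absolute names.
            target = os.path.realpath(os.path.join(root, name.replace("\\", "/")))
            if os.path.commonpath([root, target]) != root:
                bad.append(name)
    return bad


def accept_update(zip_bytes, expected_sha256, dest_dir=DEST):
    """Accept a package only if its digest matches and no entry escapes."""
    # Integrity first: a package swapped in transit fails here.
    if hashlib.sha256(zip_bytes).hexdigest() != expected_sha256:
        return False, "digest mismatch"
    # Defence in depth: even a correctly hashed archive must stay in dest_dir.
    bad = unsafe_entries(zip_bytes, dest_dir)
    if bad:
        return False, "path traversal: " + ", ".join(bad)
    return True, "ok"


def build_zip(entries):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    good = build_zip({"lang/en_US.bin": b"dictionary"})
    evil = build_zip({"lang/en_US.bin": b"dictionary",
                      "../../../../here/payload": b"replaced in transit"})
    pinned = hashlib.sha256(good).hexdigest()
    print(accept_update(good, pinned))
    print(accept_update(evil, pinned))
    print(unsafe_entries(evil))
```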

Below is a video of the attack described above:
