Ryan Welton, an information security specialist at NowSecure, has reported a vulnerability in Samsung devices that exposes more than 600 million of the company's devices to attack. The flaw is in the stock SwiftKey keyboard, which is installed on Samsung phones by default. It can be neither disabled nor deleted.
The problem is that the SwiftKey application has a weak mechanism for authenticating installed keyboards and the updates it receives over the Internet as a ZIP package. The update package is not encrypted and is transmitted in plain text. An attacker can take advantage of this by using a fake proxy server to send malware to unsuspecting users' smartphones, where it can be installed under the guise of a language pack.
By exploiting this flaw, attackers can gain access to confidential data (including passwords) and track users remotely.
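The client-side check that defeats the package swap described above, as an added example that is not code from NowSecure, Samsung or SwiftKey. It assumes the expected SHA-256 digest reaches the client over an authenticated channel; the function names and sample data are hypothetical, and the entry-name check is a general precaution for network-delivered archives that goes beyond what the article describes.

```python
import hashlib
import hmac
import io
import posixpath
import zipfile


class UpdateRejected(Exception):
    """Raised when a downloaded package must not be installed."""


def verify_language_pack(zip_bytes: bytes, pinned_sha256: str) -> list[str]:
    """Return the entry names of a package that is safe to unpack."""
    # Assumption: pinned_sha256 comes from an authenticated source (for
    # example a signed manifest), never from the plain-text download itself.
    digest = hashlib.sha256(zip_bytes).hexdigest()
    if not hmac.compare_digest(digest, pinned_sha256.lower()):
        raise UpdateRejected("digest mismatch: package altered in transit")
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile as exc:
        raise UpdateRejected("not a valid ZIP archive") from exc
    names = []
    with archive:
        for info in archive.infolist():
            name = info.filename.replace("\\", "/")
            norm = posixpath.normpath(name)
            # Refuse entries that would land outside the install directory.
            if name.startswith("/") or norm == ".." or norm.startswith("../"):
                raise UpdateRejected(f"unsafe entry name: {info.filename!r}")
            names.append(norm)
    return names


def build_pack(files: dict[str, bytes]) -> bytes:
    """Build a constructed sample package in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data: a genuine pack and one swapped in by a proxy.
GENUINE = build_pack({"lang/sample.dict": b"constructed dictionary data"})
PINNED = hashlib.sha256(GENUINE).hexdigest()
SWAPPED = build_pack({"lang/sample.dict": b"content replaced in transit"})
```
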
NowSecure reported the vulnerability to Samsung in December 2014. It was assigned the identifier CVE-2015-2865. The researchers also notified Google, the developer of Android.
Interestingly, in March Samsung released a “fix” for Android 4.2 and above. However, at the Blackhat Security Summit conference in London, Welton demonstrated that the vulnerability had not gone away. For clarity, he demonstrated it on the flagship Samsung Galaxy S6 smartphone.
NowSecure notes that the vulnerability is present both in relatively older smartphone models such as the Galaxy Note 3, Galaxy S3, S4 and S5 and in the newer Galaxy Note 4, Galaxy S6 and Galaxy S6 edge. Until an official patch is released, experts advise smartphone users to be extremely careful.