(Dagbladet): A critical security flaw in Samsung’s integrated keyboard program, SwiftKey, can potentially give hackers free access to your phone.
In a new report from security firm Nowsecure, it emerged that Samsung phones can easily be hijacked when SwiftKey software sends a request for service to a server.
This request is done automatically, regardless if you use your keyboard or not. There is also no way to delete the keyboard software from your phone. The company examines Ryan Welton told the Blackhat conference in London yesterday that 600 million Samsung devices are vulnerable, writes Computerworld.
Took over phone
Security experts could easily take over the phones without the user was clear over there, and got access to library, microphones and monitoring user. The error applies Samsung devices that have application preinstalled, which applies a range of Samsung models.
The error is verified on Samsung Galaxy S6, S6 and Galaxy S4 Mini, but can also occur on models where the application is preinstalled.
In order for hackers to access your phone, it requires, however, that the phone is connected to an unsecured Wi-Fi networks. Such is often available at cafes, malls and public places with Wi-Fi.
On Nowsecures sites recommended to avoid public, unsecured network, or to use another phone until Samsung has fixed the problem.
NowSecure boss Andrew Hoog says according to Forbes that the error probably applies majority of Samsung devices with Android operating system, including S3, S4, S5, and Galaxy Note 3 and 4.
Confirms holes
The company behind the keyboard software, SwiftKey, confirms on its website that it is a security flaw in the software that is preinstalled on Samsung devices.
– This issue does not apply to apps downloaded to Google Play or App Store. We provide Samsung with technology providing input on their keyboards. It seems that the way this technology is integrated in Samsung devices leads to security weakness, the company said.
– We do everything we can to help our long-standing partner Samsung to resolve this serious security problem, they write.
However, it is not just taking over a Samsung phone with SwiftKey software. According to the company must be a hacker to have a specific goal to take over a phone while connected to a public network. In addition, the current phone undertake an update of SwiftKey software at the same time.
According Nowsecure warned Samsung on the issue as early as November last year and was told by Samsung that they worked on a solution.
In March, Nowsecure have been told by Samsung that a solution was distributed to wireless providers in the US, and asked the company to wait three months before they revealed the error. Last week bought security company two new phones, and found that both had security weakness, writes Wall Street Journal.
No comments:
Post a Comment