SwiftKey Vulnerability Puts 600M Samsung Devices at Risk to Remote Takeover
Bad news for Samsung device owners all across the world, a critical vulnerability has uncovered affecting 600 million Samsung devices leaving them vulnerable to exploit. Security researcher Ryan Welton, from Nowsecure has reported that all Samsung mobile devices running the Android operating system could be vulnerable to the attack.
Welton detailed NowSecure’s findings at the Blackhat Security Summit in London. According to Welton and his researchers, the exploit stems from the pre-installed SwiftKey keyboard. The vulnerability lies within the way Swiftkey handles updates and new language pack updates. If the update is made over an insecure and unencrypted connection, hackers could potentially inject malicious content into updates going to the device from a spoofed server.
During his presentation, Welton described how a hacker could scale up their attack to essentially take over vulnerable mobile devices while the end user remains totally unaware. The bug is believed to be widespread, affecting over 600 million Samsung devices, including the latest Galaxy S6 model.
Welton said once the Swiftkey vulnerability is exploited, potential hackers could remotely eavesdrop on the devices incoming and outgoing call messages. Hackers could also track the devices GPS sensor, cameras and tap into the microphone. Hackers can even install malicious apps on the device without user consent. Welton said more experienced hackers could tailor the exploit to access sensitive files within the device.
Nowsecure released a a proof-of-concept video demonstrating the exploit:
Welton said he disclosed the flaw to Samsung and Google’s Android security team late last year. Samsung took proper action and released a patch on the mobile networks, but Welton is still not sure if carriers have passed the patch down to their customers’ devices.
However, “we can confirm that we have found the flaw still unpatched on the Galaxy S6 for the Verizon and Sprint networks, in off the shelf tests we did over the past couple of days,” Nowsecure said in a blog post.
“We’ve seen reports of a security issue related to the Samsung keyboard. We can confirm that the SwiftKey Keyboard apps available via Google Play or the Apple App Store are not affected by this vulnerability,” Swiftkey said in a statement. “We take reports of this manner very seriously and are currently investigating further.”
Samsung has begun to implement Swiftkey as the default keyboard for the device, meaning it’s hardcoded into the firmware. This prompts additional security flaws, leaving users who don’t even use the keyboard vulnerable to the exploit.
Samsung has begun to reach out to mobile carriers to assure the flaw has been properly patched on customer devices. In the meantime, we recommend you stay away from unknown and shady wifi networks.
