A vulnerability has been discovered with the Swift Keyboard on Samsung phones.The keyboard comes pre-installed and cannot be disabled or uninstalled. The Vulnerability allows a remote attacker to control a user’s network traffic and Can execute code as a privileged system user on the end user’s phone.
Craig Young, Cybersecurity Researcher at Tripwire says attackers can load Malware on all the phones with this vulnerability. Lane Thames, Security Research and Software Development Engineer at Tripwire says unfortunately there is no patch available at this time.
Craig Young, Cybersecurity Researcher with Tripwire:
“In my eyes however the crux of the biscuit here is the state-sponsored attack. Nations with an eye toward spying on and oppressing dissidents can have a field day with this vulnerability silently installing malware onto all the affected Samsung devices connecting through the cellular internet connection. Defense against this type of attacker and detection of the resulting attack is far more difficult for the average user and power users alike. Until Samsung devices get patched, the most paranoid users will want to take advantage of censorship bypassing VPN services like privateinternetaccess.com that give users the control to prevent any plaintext communication directly from the Android. Of course all bets are off if the pop-out point from the VPN is on a network controlled or influenced by an adversary.”
Lane Thames, Security Research and Software Development Engineer at Tripwire:
“The Samsung/SwitfKey keyboard vulnerability is an irritating one. It is irritating because most users will not be able to uninstall the vulnerable software and because most carriers are currently not shipping a patch, at least according to information available today. There are many good keyboards available for the Samsung device, so a simple solution could be to just remove the vulnerable keyboard. Unfortunately, neither Samsung nor most wireless carriers want you to do that, usually for the same reasons they sell locked phones. On the plus side for the end user, this vulnerability requires a bit of effort to successfully exploit, according to the technical details that have been released. It requires a MITM attack infrastructure where a vulnerable keyboard application initiates a language pack download or update. From the details, this update/download initiation occurs after boot and periodically during normal use. To minimize risk until a patch is available, users should refrain from rebooting their device if connected to WiFi and, particularly, should refrain connecting to unknown or insecure WiFi. This issue could be exploited over the cellular network, but it is a harder approach except for the most experienced attackers.”
[su_box title=”About Tripwire, Inc.” style=”noise” box_color=”#336588″]
Tripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.