Thursday, June 18, 2015
Samsung keyboard vulnerability exposes triple whammy mobile flaw
Researchers at NowSecure have uncovered a vulnerability in the stock keyboard pre-installed on some 600 million Samsung mobile devices, including the new Galaxy S6, that can reportedly be abused for remote arbitrary code execution. According to researcher Ryan Welton, the update mechanism of the SwiftKey IME keyboard can be manipulated by a remote attacker who is able to control the user's network traffic (a man-in-the-middle position such as a hostile Wi-Fi network), and the attacker can then execute code on the target phone as a privileged system user.

As far as we can tell, the threat applies only to users of Samsung mobile devices running the stock version of the SwiftKey keyboard, not to the app available for download from the Apple App Store or Google Play (the developers appear to have confirmed this). That raises the question: if the standalone download is secure, what went wrong in the development process for the Samsung IME keyboard?
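The weakness described above is a general one: an update client that trusts whatever arrives over the network lets anyone in a man-in-the-middle position choose what gets installed, and if the installer runs as a privileged user that choice becomes code execution. The following is an added illustration, not code from NowSecure, Samsung or SwiftKey and not a reconstruction of the actual flaw: it models a keyboard "language pack" update as a constructed in-memory package, shows a naive installer accepting a tampered package, and shows a hardened installer rejecting it by verifying an Ed25519 signature with a pinned vendor key and refusing archive entries that would escape the install directory. The package format, entry names and the `/data/langpacks` path are assumptions for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"path"
	"strings"
)

// Entry is one file inside a constructed, in-memory update package.
type Entry struct {
	Name string
	Data []byte
}

// UpdatePackage is a stand-in for a downloaded language-pack archive:
// the entries plus a detached Ed25519 signature over serialize(Entries).
type UpdatePackage struct {
	Entries   []Entry
	Signature []byte
}

// serialize produces an unambiguous byte encoding of the entries so the
// signature covers both file names and file contents.
func serialize(entries []Entry) []byte {
	var b bytes.Buffer
	for _, e := range entries {
		fmt.Fprintf(&b, "%d:%s:%d:", len(e.Name), e.Name, len(e.Data))
		b.Write(e.Data)
	}
	return b.Bytes()
}

// installNaive models the weak pattern: whatever arrived on the wire is
// written out. An attacker who controls the network controls the result.
// It returns the paths that would be written instead of touching disk.
func installNaive(pkg UpdatePackage, destRoot string) ([]string, error) {
	var written []string
	for _, e := range pkg.Entries {
		written = append(written, path.Join(destRoot, e.Name))
	}
	return written, nil
}

// installVerified is the hardened form: verify the signature against a key
// pinned in the client before doing anything, then refuse any entry whose
// cleaned path lands outside destRoot (defence in depth even for signed packs).
func installVerified(pkg UpdatePackage, destRoot string, vendorPub ed25519.PublicKey) ([]string, error) {
	if !ed25519.Verify(vendorPub, serialize(pkg.Entries), pkg.Signature) {
		return nil, errors.New("update rejected: signature does not verify")
	}
	var written []string
	for _, e := range pkg.Entries {
		target := path.Join(destRoot, e.Name) // path.Join cleans any "../"
		if !strings.HasPrefix(target, destRoot+"/") {
			return nil, fmt.Errorf("update rejected: entry %q escapes %s", e.Name, destRoot)
		}
		written = append(written, target)
	}
	return written, nil
}

// Demo plays out the scenario with constructed data: the vendor signs a
// genuine pack, a network attacker swaps in a tampered one. It returns whether
// the genuine pack passes the verified installer, and whether the tampered
// pack is accepted by the naive and by the verified installer respectively.
func Demo() (genuineOK, tamperedNaiveOK, tamperedVerifiedOK bool) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only fails if the OS entropy source is broken
	}
	const destRoot = "/data/langpacks" // assumed install directory

	genuine := []Entry{{Name: "en_US.dict", Data: []byte("hello\nworld\n")}}
	genuinePkg := UpdatePackage{Entries: genuine, Signature: ed25519.Sign(vendorPriv, serialize(genuine))}

	// The attacker rewrites the response in transit; they cannot sign with the
	// vendor key, so they reuse the old signature and change the contents.
	tamperedPkg := UpdatePackage{
		Entries:   []Entry{{Name: "../../system/bin/evil", Data: []byte("#!/system/bin/sh\nid\n")}},
		Signature: genuinePkg.Signature,
	}

	_, err = installVerified(genuinePkg, destRoot, vendorPub)
	genuineOK = err == nil
	_, err = installNaive(tamperedPkg, destRoot)
	tamperedNaiveOK = err == nil
	_, err = installVerified(tamperedPkg, destRoot, vendorPub)
	tamperedVerifiedOK = err == nil
	return
}

func main() {
	g, n, v := Demo()
	fmt.Printf("genuine pack accepted by verified installer: %v\n", g)
	fmt.Printf("tampered pack accepted by naive installer:   %v\n", n)
	fmt.Printf("tampered pack accepted by verified installer: %v\n", v)
}
```

The point of the hardened version is that the decision to install depends on a key the attacker does not have, not on the transport: signature verification protects the update even if the download channel is intercepted, and the path check limits the damage should a signed package ever contain a hostile entry.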