Skip to main content

New exploit turns Samsung Galaxy phones into remote bugging devices



As many as 600 million Samsung phones may be vulnerable to attacks that allow hackers to surreptitiously monitor the camera and microphone, read incoming and outgoing text messages, and install malicious apps, a security researcher said.

The vulnerability is in the update mechanism for a Samsung-customized version of SwiftKey, available on the Samsung Galaxy S6, S5, and several other Galaxy models. When downloading updates, the Samsung devices don't encrypt the executable file, making it possible for attackers in a position to modify upstream traffic—such as those on the same Wi-Fi network—to replace the legitimate file with a malicious payload. The exploit was demonstrated Tuesday at the Blackhat security conference in London by Ryan Welton, a researcher with security firm NowSecure. A video of his exploit is here.



Phones that come pre-installed with the Samsung IME keyboard, as the Samsung markets its customized version of SwiftKey, periodically query an authorized server to see if updates are available for the keyboard app or any language packs that accompany it. Attackers in a man-in-the-middle position can impersonate the server and send a response that includes a malicious payload that's injected into a language pack update. Because Samsung phones grant extraordinarily elevated privileges to the updates, the malicious payload is able to bypass protections built into Google's Android operating system that normally limit the access third-party apps have over the device.

Surprisingly, the Zip archive file sent during the keyboard update isn't protected by transport layer security encryption and is therefore susceptible to man-in-the-middle tampering. The people designing the system do require the contents of that file to match a manifest file that gets sent to the phone earlier, but that requirement provided no meaningful security. To work around that measure Welton sent the vulnerable phone a spoofed manifest file that included the SHA1 hash of the malicious payload. He provided more details about the exploit and underlying vulnerability here and here.

Welton said the vulnerability exists regardless of what keyboard a susceptible phone is configured to use. Even when the Samsung IME keyboard isn't in use, the exploit is still possible. The attack is also possible whether or not a legitimate keyboard update is available. While SwiftKey is available as a third-party app for all Android phones, there's no immediate indication they are vulnerable, since those updates are handled through the normal Google Play update mechanism.

For the time being, there's little people with vulnerable phones can do to prevent attacks other than to avoid unsecured Wi-Fi networks. Even then, those users would be susceptible to attacks that use DNS hijacking, packet injection, or similar techniques to impersonate the update server. There is also no way to uninstall the underlying app, even when Galaxy owners use a different keyboard. In practical terms, the exploit requires patience on the part of attackers, since they must wait for the update mechanism to trigger, either when the phone starts, or during periodic intervals.

Read More

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

How To Hide Text In Microsoft Word 2007, Reveal It & Protect It

Sometimes what we hide is more important than what we reveal. Especially, documents with sensitive information, some things are supposed to be ‘for some eyes only’. Such scenarios are quite common, even for the more un-secretive among us. You want to show someone a letter composed in MS Word, but want to keep some of the content private; or it’s an official letter with some part of it having critical data. As important as these two are, the most common use could involve a normal printing job. Many a time we have to print different versions of a document, one copy for one set of eyes and others for other sets. Rather than creating multiple copies and therefore multiple printing jobs, what if we could just do it from the same document?  That too, without the hassle of repeated cut and paste. We can, with a simple feature in MS Word – it’s just called Hidden and let me show you how to use it to hide text in Microsoft Word 2007. It’s a simple single click process. Open the docum...
1 comment
Read more

Boom, the startup that wants to build supersonic planes, just signed a massive deal with Virgin

Have you heard about Boom? Boom is a relatively new startup that’s aiming to build something pretty crazy. They’re not building an app… or a social network… or even some new gadget for the Kickstarter crowd. Boom wants to build planes. Really, really, really fast planes. Specifically, they’re trying to design and build a supersonic passenger plane that goes 2.2x the speed of sound. If all goes to plan, they’ll be able to shuttle people from New York to London in 3.5 hours, and SF to Tokyo in 4.5. Sound crazy? I wouldn’t disagree. It’s worth noting that the company is in the very early days for something as intensive, massive, and hugely expensive as designing and producing a passenger aircraft. They’re still working on their first prototype, and hope to fly it by late next year. But it’s also worth noting that the team behind the plane has some serious talent in its blood: the company’s 11 employees have collectively contributed to over 30 aircrafts — having worked on thin...
Post a Comment
Read more

Fun Tools to Translate Your Name into Japanese Calligraphy

Japanese calligraphy is an artistic writing style of the Japanese language. Its Chinese origins can be traced back to the twenty-eighth century BCE. Calligraphy found its way into Japanese culture in 600 CE and is known as the karayo tradition. For Westerners, calligraphy is forever fascinating. However, it takes years to learn how to properly draw the signs. Two basic principles must be known to understand Japanese writing: there are different writing styles and different alphabets. Kaisho for example, is a writing style most commonly used in print media. Tensho on the other hand is used in signatures. Other writing styles are Reisho, Gyosho and Sousho. The alphabets include Kanji, Hiragana, and Katakana. Katakana is used for writing foreign words. It can also serve to highlight words, in analogy to capital letters as we know them from the Roman / Latin alphabet (Romaji in Japanese). Each Kanji character has a meaning of its own, while Hiragana or Katakana characters merely repres...
Post a Comment
Read more