A US cyber security company discovered a flaw from virtual keyboards SwiftKey pre-installed on Samsung. More than 600 million mobile would be affected.
Samsung users may have to be wary of their key smartphone. The IT security company has flushed NowSecure a vulnerability that affects it claims more than 600 million mobile Samsung around the world, including in France.
In case the virtual keyboard SwiftKey, which part of the overcoat Samsung, a suite of apps and features that manufacturers and operators to rajoutent Android. Like any application, SwiftKey undergoes frequent updates. NowSecure discovered that when the phone is searching for updates to the language pack, it communicates openly, without encrypting the request. Result: the researchers were able to impersonate the server that sends updates to Samsung and inject programs to phones allows use of devices without users’ knowledge
Unable to. uninstall
The report NowSecure says that if the flaw was exploited, a hacker could include:
• Access to resources and sensors such as GPS, the camera and microphone. •
secretly install malicious apps.
• Spying on incoming and outgoing messages or calls.
• Attempting to access sensitive personal data such as photos or texting.
This vulnerability models Galaxy S4, S4 Mini, S5 and S6. Note that the SwiftKey app, also available for other phones on Google Play and the App Store, is not affected by this vulnerability. Only its pre-installed version in Samsung phones present a risk. This is also the problem: as it is one of the basic programs that come with the phone, as well as apps from Google, you can not uninstall it. Until the problem is resolved, NowSecure advises users to “avoid unsecured Wi-Fi networks,” or more radically to “use another mobile device.” For its part, Samsung announced an imminent update its Knox security solution to fill this gap.
French operators concerned
NowSecure notified this flaw to Samsung in December 2014, as well as the Android security team, the mobile operating system from Google used by Samsung. Samsung has released a patch early 2015, but “it is not known if the telephone operators have implemented this fix in the devices of their networks,” says NowSecure. The company has released a list of affected operators in the United States. Contacted by Le Figaro , it nevertheless confirms that the phenomenon is “global” and therefore as France is concerned. Among contacted French operators, Bouygues Telecom has only so far been able to provide an answer. The company ensures that “Samsung has never traced the problem to our technical teams” and is now “very serious study.”
No comments:
Post a Comment