Thursday, June 18, 2015

Samsung Galaxy flaw: a patch will be released directly by the … – 01net


The patch for the well-known SwiftKey flaw on Samsung Galaxy phones may finally arrive sooner than expected. Revealed a few days ago by a security researcher, the vulnerability would allow hackers to take control of any model from the S4 to the S6 (see below). Samsung had already developed a patch in early 2015, but it is proving very difficult to distribute. Under a commercial agreement, the SwiftKey keyboard is integrated natively into Samsung's system. When the device was bought from an operator, it is the operator that distributes system updates, which evidently takes time.

To work around this problem, Samsung has found another solution. It will soon release a patch directly through its Samsung Knox suite, which offers many security features and is usually installed automatically on devices. "Samsung Knox has the ability to update the phones' security policy over the air, to eliminate all potential vulnerabilities caused by this problem. The updates to the security policy will be released in a few days. Furthermore, we are working with SwiftKey to address potential risks in the future," Samsung told the website AndroidCentral.com.

Article published June 16, 2015

Hackers can take control of almost all Samsung Galaxy phones

A flaw in the update mechanism makes it possible to install and execute arbitrary code on the Galaxy S4, S5 and S6. Samsung has developed a patch, but it is taking time to be released.

At the BlackHat Mobile Security Summit, held on 16 and 17 June in London, security researcher Ryan Welton of the company NowSecure showed that it was possible to remotely hack any Samsung Galaxy smartphone, from the S4 to the latest S6. This represents approximately 600 million smartphones in circulation worldwide.

The flaw makes it possible to install a malicious application without the user noticing. It gives access to hardware resources such as the phone, camera, GPS or microphone. It is an ideal way to spy on a Galaxy user and steal data. And the bad news is that the user can do almost nothing if he bought his phone from a mobile operator: only the operator can distribute the patch.

To carry out his hack, Ryan Welton relies on a well-known application that is installed automatically on all recent Samsung Galaxy phones: the SwiftKey keyboard. Since the launch of the Galaxy S4, it has been natively integrated into Samsung smartphones. As such, this application has very high execution privileges ("system user").



A poorly secured update procedure

But the researcher discovered that the virtual keyboard's updates were not carried out over an encrypted channel. The application packages are downloaded in the clear and can be modified in transit, through a "man in the middle" attack, for example. This makes it possible to install any code on the phone, including executable code.
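The defensive counterpart to the weakness described above, as an added example that is not from the original article, Samsung or SwiftKey: an update client that refuses cleartext download URLs and checks every archive entry against a trusted manifest before anything is installed. The function names, file names and URL are illustrative, and the manifest is assumed to reach the client through an authenticated channel (for example, as a signed manifest).

```python
import hashlib
import hmac
import io
import zipfile
from urllib.parse import urlsplit

class UpdateRejected(Exception):
    """Raised when an update package fails a pre-install check."""

def verify_update(url, archive_bytes, trusted_manifest):
    """Return verified {name: bytes}, or raise UpdateRejected.
    trusted_manifest ({name: hex SHA-256}) is ASSUMED to be authenticated."""
    # 1. Refuse cleartext transport: anyone on the path can rewrite it.
    if urlsplit(url).scheme != "https":
        raise UpdateRejected("update URL is not HTTPS")
    verified = {}
    try:
        with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
            # 2. The archive must hold exactly the entries the manifest names.
            names = zf.namelist()
            if sorted(names) != sorted(trusted_manifest):
                raise UpdateRejected("archive entries differ from manifest")
            for name in names:
                data = zf.read(name)
                digest = hashlib.sha256(data).hexdigest()
                # 3. Every entry must match its expected digest.
                if not hmac.compare_digest(digest, trusted_manifest[name]):
                    raise UpdateRejected("digest mismatch for " + name)
                verified[name] = data
    except zipfile.BadZipFile as exc:
        raise UpdateRejected("not a valid archive") from exc
    return verified

def build_archive(files):
    """Build an in-memory zip from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample: a genuine package and a copy altered in transit.
GENUINE = {"update/payload.bin": b"v2 code", "update/meta.json": b"{}"}
MANIFEST = {n: hashlib.sha256(d).hexdigest() for n, d in GENUINE.items()}
GOOD_ZIP = build_archive(GENUINE)
TAMPERED_ZIP = build_archive({**GENUINE, "update/payload.bin": b"altered"})
URL = "https://updates.example.invalid/pkg.zip"  # placeholder URL
```

Calling `verify_update(URL, GOOD_ZIP, MANIFEST)` returns the package contents, while the same call with `TAMPERED_ZIP` or an `http://` URL raises `UpdateRejected` before any byte is handed to an installer.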

As a responsible hacker, Ryan Welton of course contacted Samsung in advance, when he discovered the flaw in November 2014. According to the Wall Street Journal, the manufacturer asked him to withhold this information until the end of 2015, but the researcher considered this period too long. He used BlackHat to make it public. Samsung, meanwhile, developed a patch in early 2015, but it must be distributed by each user's mobile operator, a process that can be long and complex. In the meantime, it is advisable to avoid networks that inspire little confidence, because the SwiftKey keyboard cannot be uninstalled.

Sources:

NowSecure Blog Notes, WSJ, BlackHat
