Nearly 600 million Samsung devices are vulnerable to a new threat

Update: An employee of Samsung, Amanda reached out to usa and had this to say apropos the latest security threat:

"The likelihood of making a successful attack, exploiting this vulnerability is low. In that location have been no reported client cases of Galaxy devices being compromised through these keyboard updates.
Simply as the reports betoken, the gamble does exist and Samsung will roll out a security policy update in the coming days. This vulnerability, as noted past the researchers, requires a very specific set of weather for a hacker to be able to exploit a device this way. This includes the user and the hacker physically existence on the same unprotected network while downloading a language update. As well, on a KNOX-protected device there are boosted capabilities in place such as real-fourth dimension kernel protection to prevent a malicious assault from being effective."

It is high time that despite the level of security introduced in Android devices, especially Samsung and its KNOX platform, consumers should accept that in that location will still be an element of a security breach. However, a serious issue might plague more than 600 meg Samsung mobile devices thank you to the company'due south default keyboard application SwiftKey being afflicted with what is existence called as a remote code execution set on.

Samsung Devices Could Be Exploited Through Unwanted Admission To Contact Data, Text Messages, Depository financial institution Logins, And Much More than

Co-ordinate to Forbes, the problem was isolated by Ryan Welton, an individual who belongs to mobile security specialists called NowSecure. Thanks to the vulnerability, it was possible for Welton to send malicious security updates to affected devices through a proxy server. Additionally he found loopholes which allowed him to tap in to more than just the contact data nowadays within the mobile device's owner.

The sources states that if the wrong hands took reward of the exploit, then text letters, bank logins and other information that the user deemed private would become instantly available to the other party. After being alerted to the upshot way back in November 2022, tech behemothic Samsung had told NowSecure that information technology was busy working on a patch in order to secure devices. Still, it appears that the problem has still persisted.

Welton, after successfully replicating the attack on a Galaxy S6 running on the carrier Verizon stated that:

"We can ostend that nosotros have institute the flaw still unpatched on the Milky way S6 for the Verizon and Dart networks, in off the shelf tests we did over the past couple of days."

Given below is a list of devices that could exist affected, along with others likewise:

• Milky way S3
• Galaxy S4
• Galaxy S5
• Galaxy Note 3
• Galaxy Note iv

A SwiftKey spokesperson has mentioned the post-obit regarding the assail:

"We've seen reports of a security outcome related to the Samsung keyboard. Nosotros tin confirm that the SwiftKey Keyboard apps available via Google Play or the Apple App Store are not affected by this vulnerability. We take reports of this manner very seriously and are currently investigating further."

NowSecure has reported that downloading a new version of SwiftKey will non remove the issue. Instead, a carrier upgrade will be mandatory in gild for the vulnerability to be removed completely. Samsung device owners will now to face a mind boggling conundrum since the default keyboard application cannot be uninstalled.

Instead, Samsung and its diligent employees are going to have to work tirelessly in gild to make sure that the attack cannot make its mark on thousands of unsuspecting Samsung device owners. Permit us promise that these individuals are able to roll out a solution in record time.

Epitome source: Softpedia

Source: https://wccftech.com/600-million-samsung-devices-vulnerable-remote-code-execution-attack/

Posted by: griggsinfur1947.blogspot.com

Share this post