Bug discovered in Galaxy Phones Swift Keyboard App
Posted on 6/17/15 at 12:26 pm
quote:
Have a Samsung Galaxy device? Chances are it has a security flaw that lets attackers install malware on it or eavesdrop on your calls, and there's nothing you can do about it.
Chicago-based security firm NowSecure has published a report claiming that a bug in the Swift keyboard software, preinstalled on more than 600 million Samsung devices, can allow a remote attacker, which is capable of controlling a user's network traffic, to execute arbitrary code on the user's phone.
quote:
The list of potentially vulnerable devices is a scary one, including Samsung Galaxy S6, S5, S4 and S4 mini on major U.S. carriers, including Verizon, AT&T, Sprint and T-Mobile. The status of some devices with regards to this vulnerability is unknown, but some — like Galaxy S6 on Verizon and Sprint, and Galaxy S5 and T-Mobile — are vulnerable.
LINK
Hmm... Even if Samsung gets this fixed, the carriers still will take their time with sending updates out.
What is Swift keyboard anyway? I had an S2, and I didn't have this.
Posted on 6/17/15 at 12:51 pm to boXerrumble
SwiftKey is a third-party keyboard app that learns your writing style over time for a more intelligent autocorrect. I use it on my Nexus 6.
For those who use the SwiftKey app by choice on other phones, this is not a concern. LINK
quote:
Swiftkey is not to blame here and vulnerability is unrelated to SwiftKey’s consumer apps on Google Play and the Apple App Store. So your Swiftkey app has nothing to do with this story.
Yes, it supplies Samsung with the core technology that powers the word predictions in their keyboard.
But TechCrunch understands that the way that Swiftkey’s engine was integrated on Samsung devices introduced the security vulnerability in the first place.
It’s also a very low risk problem. For the bug to expose the phone, a user would have to be connected to a compromised network (such as a spoofed public Wi-Fi network) created for those purposes by a hacker with malicious intentions.
In a statement, Swiftkey told us that even then the access is only possible if the user’s keyboard is “conducting a language update at that specific time, while connected to the compromised network.”
It absolutely does not affect SwiftKey’s app on Google Play or the Apple App Store.
Here’s the bottom-line: our sources have told us that Samsung “screwed up” how they implemented Swiftkey’s SDK into their keyboard. Why? Because they crazily gave the keyboard system level permissions.
As NowSecure says:
“It’s unfortunate but typical for OEMs and carriers to preinstall third-party applications to a device. In some cases these applications are run from a privileged context. This is the case with the Swift (sic) keyboard on Samsung… This means that the keyboard was signed with Samsung’s private signing key and runs in one of the most privileged contexts on the device, system user, which is a notch short of being root.”
Swiftkey does have one issue though: It used HTTP rather than HTTPS in some aspects of how the keyboard gets updated. This might have protected what appears to be a basic mistake in how Samsung integrated SwiftKey on their devices.
But whether it’s HTTP vs HTTPS is not the main issue here. It’s the system permissions – which is a problem lying firmly in Samsung’s camp.
Posted on 6/17/15 at 1:12 pm to boXerrumble
So first I find out Swiftkey is behind the Textra problems I'm having and now this.
Even if it's Samsung's fault this is too much bad shite for one app in one day. I uninstalled.
I'll check back in a few weeks.
Posted on 6/17/15 at 2:09 pm to boXerrumble
I thought I was on tOT and initially read the headline as
"Bug discovered in another Galaxy" and I was all like :it's happening:
... then I read it again. I am disappoint.
Posted on 6/17/15 at 3:20 pm to BuckeyeFan87
quote:
"Bug discovered in another Galaxy" and I was all like :it's happening:
Only good bug is a dead bug!