[Updated] 600 Million Samsung Devices Could Be Vulnerable To Remote Code Execution Attack


Update: Amanda, an employee of Samsung, reached out to us with the following statement concerning the vulnerability:

“The likelihood of making a successful attack exploiting this vulnerability is low. There have been no reported customer cases of Galaxy devices being compromised through these keyboard updates.
But as the reports indicate, the risk does exist and Samsung will roll out a security policy update in the coming days. This vulnerability, as noted by the researchers, requires a very specific set of conditions for a hacker to be able to exploit a device this way. This includes the user and the hacker physically being on the same unprotected network while downloading a language update. Also, on a KNOX-protected device there are additional capabilities in place such as real-time kernel protection to prevent a malicious attack from being effective.”

Despite the level of security built into Android devices, and into Samsung devices in particular through the KNOX platform, consumers should accept that some risk of a security breach will always remain. A serious example has now surfaced: more than 600 million Samsung mobile devices may be affected by a vulnerability in the company’s pre-installed keyboard, which is built on SwiftKey, that is being described as allowing remote code execution.

Samsung Devices Could Be Exploited Through Unwanted Access To Contact Data, Text Messages, Bank Logins, And Much More

According to Forbes, the problem was identified by Ryan Welton, a researcher at the mobile security firm NowSecure. The Samsung keyboard periodically downloads language updates, and Welton found that an attacker positioned as a proxy on the same network as the victim could substitute malicious updates for the genuine ones and have the device accept them. He also found that the access this gives an attacker extends well beyond the contact data stored on the device.

The source states that an attacker exploiting the flaw could gain immediate access to text messages, bank logins and other information the user would consider private. Samsung was alerted to the issue in November 2014 and told NowSecure at the time that it was working on a patch to secure affected devices. The problem, however, appears to persist.
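To make the attack path described above concrete, here is an added illustration (not code from NowSecure, Samsung or the article) of the difference between an update client that installs whatever arrives over the network and one that checks an authentication tag before installing. Everything in it is constructed for the demo: the key, the language-pack payload and the on-path attacker that swaps the payload. HMAC-SHA256 from the standard library stands in for the asymmetric signature (for example Ed25519 over the update, with only the public key on the device) that a production updater should use; the control flow is the same in both cases.

```python
import hashlib
import hmac

# Constructed key material for the demo. A real updater would ship a public
# verification key with the firmware, not a shared secret like this one.
DEMO_UPDATE_KEY = b"constructed-demo-key-not-a-real-secret"

# Constructed sample language pack, standing in for the real update archive.
GENUINE_PACK = b"en_US language pack v2 (constructed sample)"
MALICIOUS_PACK = b"attacker-supplied language pack (constructed sample)"


def sign_update(payload: bytes, key: bytes = DEMO_UPDATE_KEY) -> bytes:
    """Server side: produce the tag that accompanies an update download."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def fetch_over_network(payload: bytes, tag: bytes, mitm=None):
    """Simulate the download. `mitm`, when given, is what an attacker acting
    as a proxy on the same unprotected network does to the bytes in transit."""
    if mitm is None:
        return payload, tag
    return mitm(payload, tag)


def attacker_swaps_payload(payload: bytes, tag: bytes):
    """On-path attacker: replace the pack. Without the key the attacker cannot
    compute a matching tag, so the original tag is simply forwarded."""
    return MALICIOUS_PACK, tag


def install(payload: bytes) -> bytes:
    """Stand-in for unpacking the language pack; returns what would be written."""
    return payload


def apply_update_unverified(payload: bytes, tag: bytes) -> bytes:
    """Vulnerable pattern: whatever arrives over the network is installed.
    The tag is ignored, so a proxy can substitute any content it likes."""
    return install(payload)


def apply_update_verified(payload: bytes, tag: bytes,
                          key: bytes = DEMO_UPDATE_KEY) -> bytes:
    """Hardened pattern: verify authenticity before touching the filesystem.
    compare_digest avoids a timing side channel on the comparison."""
    expected = sign_update(payload, key)
    if not hmac.compare_digest(expected, tag):
        raise ValueError("update rejected: authentication tag mismatch")
    return install(payload)


def run_demo() -> dict:
    """Run both clients with and without an attacker on the path and report
    what each one ended up installing."""
    tag = sign_update(GENUINE_PACK)
    results = {}

    # No attacker: both clients install the genuine pack.
    p, t = fetch_over_network(GENUINE_PACK, tag)
    results["clean_unverified"] = apply_update_unverified(p, t)
    results["clean_verified"] = apply_update_verified(p, t)

    # Attacker on the same network swaps the pack in transit.
    p, t = fetch_over_network(GENUINE_PACK, tag, mitm=attacker_swaps_payload)
    results["mitm_unverified"] = apply_update_unverified(p, t)
    try:
        results["mitm_verified"] = apply_update_verified(p, t)
    except ValueError:
        results["mitm_verified"] = b"rejected"
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome!r}")
```

The point of the demo is the last two results: the unverified client installs the attacker's pack, while the verified client refuses it because the forwarded tag no longer matches the payload. Transport encryption (TLS with certificate validation) would also stop a proxy from substituting the download, but an integrity check on the update itself protects the device even when the transport is misconfigured.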

Welton, after successfully replicating the attack on a Galaxy S6 on the Verizon network, stated that:

“We can confirm that we have found the flaw still unpatched on the Galaxy S6 for the Verizon and Sprint networks, in off the shelf tests we did over the past couple of days.”

Devices reported to be affected include the following; the list is not exhaustive:

  • Galaxy S3
  • Galaxy S4
  • Galaxy S5
  • Galaxy Note 3
  • Galaxy Note 4

A SwiftKey spokesperson has mentioned the following regarding the attack:

“We’ve seen reports of a security issue related to the Samsung keyboard. We can confirm that the SwiftKey Keyboard apps available via Google Play or the Apple App Store are not affected by this vulnerability. We take reports of this manner very seriously and are currently investigating further.”

NowSecure has reported that installing a new version of SwiftKey from the app store will not remove the issue, because the vulnerable component is the pre-installed Samsung keyboard rather than the standalone SwiftKey app; a carrier-delivered update is required for the vulnerability to be removed completely. This leaves Samsung device owners in a difficult position, since the default keyboard application cannot be uninstalled.

It therefore falls to Samsung to make sure the attack cannot be used against the millions of unsuspecting owners of its devices. Let us hope that a fix is rolled out in record time.

Image source: Softpedia