NowSecure estimates that 600 million devices could be vulnerable, including the Samsung Galaxy S5 on Verizon and the S4 Mini on AT&T. NowSecure researchers Ryan Welton yesterday at the Black Hat Mobile Summit in London disclosed a vulnerability in the keyboard’s update mechanism that occurs because of the way Samsung signs over-the-air updates with its private key granting the swipe-style keyboard system-user permissions. The Swift keyboard, installed by default on Samsung Android mobiles, exposes devices to a host of remote attacks that could be executed by attackers ranging from criminals sitting man-in-the-middle on local Wi-Fi networks, to a state actor in an upstream position at an ISP or backbone.
0 Comments
Leave a Reply. |