Every Samsung Galaxy device from the S3 to the latest S6, up to 600 million Samsung Galaxy phones, has a significant flaw that lets in hackers. Researchers at NowSecure, a cybersecurity firm, say they told Samsung (SSNLF) about the vulnerability. Seven months later, nothing has been fixed. NowSecure CEO Andrew Hoog said that, on a well-established system that ranks cybersecurity problems from 1 to 10, this vulnerability stood at 8.3. NowSecure said it tested several Galaxy models on many different cell phone carriers. All were vulnerable. Assuming every Galaxy out there is the same, every Samsung Galaxy phone is vulnerable to hackers.
The vulnerability lives in the phones' keyboard software, which can't be deleted. The flaw potentially allows hackers to spy on anyone using a Samsung Galaxy phone. The problem involves the word prediction software used by Samsung devices. It's made by British tech firm SwiftKey, which Samsung installs in devices at the factory. NowSecure researchers discovered that the SwiftKey keyboard can be tricked to accept a malicious file when the software updates. Because of the way the keyboard is installed, that virus can access some of the deepest, core parts of the phone's computer system. With that level of access, a hacker can then do pretty much anything to your phone.
Neither Samsung nor SwiftKey has claimed responsibility for inserting the flawed computer code. In a public statement, SwiftKey said it only found out about the flaw. SwiftKey said "the way this technology was integrated on Samsung devices introduced the security vulnerability."
This fractured system causes frequent complaints from users, who must patiently wait for all new software: everything from new features to patches for dangerous computer bugs.
To calm down worried users, the British firm argued that this hack isn't easy to pull off. It involves particular timing. A hacker can only sneak into a device when the keyboard software is applying a software update. The company also said it's about to patch the issue through its Samsung KNOX service. "Updates will begin rolling out in a few days," the company said, although it's unclear whether all devices will receive the fix.
NowSecure advised Samsung Galaxy users to avoid insecure Wi-Fi, ditch their phones, and call their cell phone carriers to pressure them into a quick fix.
You can be exposed by using public or insecure Wi-Fi. But some researchers think users are exposed even on cell phone networks. This hack isn't easy. But it's a tactic for cyberattackers on a mission with lots of money and access to Wi-Fi or cell networks.
It also exposes high-level U.S. government officials. Samsung just earned the NSA's blessing for its Galaxy devices, which were approved for use by government employees. And the latest hack of federal employees shows they are valuable targets.
Samsung Electronics' Galaxy devices have been approved by the U.S. National Security Agency under a program for quickly deploying commercially available technologies.
The Commercial Solutions for Classified (CSfC) program only lists devices that have met the agency's security standards and may not necessarily translate into large government orders for the South Korean company.
The products selected under the program of the NSA and Central Security Service include the Galaxy S4 and S5, Galaxy Note 3 and Galaxy Note 10.1 2014 Edition under the classification of mobile platforms. Also included under the mobile platforms classification is Boeing Black, a smartphone designed for defense and security applications by the aircraft maker.
Samsung said it has been seeking security certifications from relevant government bodies across the world for devices using the Samsung Knox platform.
Knox is an Android-based platform that aims to enhance security of the open-source Android. Devices using the platform allow users to switch between a personal space where personal data can be stored and the protected Knox Workspace container.
Five Samsung mobile devices were included on the list of products approved for sensitive but unclassified use by the Defense Information Systems Agency (DISA) of the U.S. Department of Defense. DISA certifies commercial technology for defense use.