Tuesday, 25 July 2017
Mobile Security

Samsung Galaxy Phones Vulnerable to Highjack due to Swiftkey Update Hack

With Samsung phones selling like hot cake, the recent news that up to 600 million Samsung Galaxy phones could be vulnerable to hackers will be disheartening for a lot of people.

According to the security researcher who investigated the vulnerability, the hacker can easily access all the information of the Samsung smartphone including messages, camera and microphone. Moreover, the hacker can also payload a 3rd party malicious app.

The culprit, in this case, is the update mechanism of Samsung’s customised version of SwiftKey, which enables a hacker with malicious intent to to modify the content of the update and load the payload without any detection from the smartphone security.

According to the researcher, the hack is done through the man-in-the-middle attack, which exploits the fact that the update is not done through a secure channel, leaving over 600 million Samsung Galaxy phones vulnerable.

You can watch the exploit below.

The video clearly shows a lack of security in the update mechanism of Samsung’s SwiftKey keyboard. The Samsung Galaxy phones gives special permissions to the updates, which seems to override the built-in Android security, which is then open for the hacker to exploit.

Another way of checking the validity of download package is bypassed by dropping spoofed malicious file with the SHA1 hash.

The vulnerability is more serious as the researcher claims that the hacker can still send in malicious payload even if the Samsung users decide to use another keyboard app.

The automatic update checker doesn’t check whether the Samsung user is using the SwiftKey or not, so whether you avoid the built-in keyboard or not, you face the same fate.

The vulnerability is going to affect the Samsung Galaxy S5 users. Galaxy S6 and Galaxy S4 mini are also reported to be vulnerable to the exploit.

According to SwiftKey, the vulnerability does not affect versions of the App that user can download at the PlayStore or Apple Store. So, these issue is unique to Samsung Galaxy phones.

Although avoiding open and insecure Wi-Fi hotspots can offer you some level of protection, it is not foolproof as hackers can still get in through messages

Samsung is reported to have released a patch to operators, but until those operators actually make those updates available to their customers, millions of users will remain vulnerable.

This issue has also brought up the issue of slow updates on Android devices. While Google releases updates fast, it takes months, years, and even forever to reach end-users.

Do, you know anyone who is using a Samsung Galaxy Smartphone? Let them know about the vulnerability.