Hackers can use SwiftKey to remotely take over Samsung devices including Galaxy S6

New exploit could turn around 600 million Samsung Galaxy phones into remote bugging devices

This is bad news for the 600 million Samsung device owners all over the world. Ryan Welton from NowSecure has said that all Samsung mobile devices running the Android operating system could be vulnerable to a new type of security hack.

Ryan Welton from NowSecure detailed his findings at the Blackhat Security Summit in London. According to Welton, the exploit arises from the pre-installed SwiftKey keyboard. SwiftKey updates its language packs as and when they become available. However, the updates are delivered over unencrypted connections in plain text, which makes it possible for hackers to introduce malicious content into the update pack from any spoofed proxy server.
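To make the weakness concrete, here is an added example (not code from NowSecure, Samsung or SwiftKey) that contrasts an updater accepting whatever arrives with one that refuses plaintext URLs and checks the download against a digest obtained from a trusted source. The URLs, function names, sample bytes and the idea of a pinned SHA-256 are assumptions made for illustration; the network is simulated so the script runs offline.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

class UpdateRejected(Exception):
    """Raised when a language pack fails a transport or integrity check."""

def naive_update(url, fetch):
    # Behaviour the article describes: plaintext download, no verification.
    return fetch(url)

def checked_update(url, fetch, pinned_sha256):
    # 1. Refuse plaintext transport, which any on-path proxy can rewrite.
    if urlsplit(url).scheme != "https":
        raise UpdateRejected("refusing non-HTTPS update URL")
    body = fetch(url)
    # 2. Second layer: compare with a digest that did NOT travel over the
    #    same channel (assumption: shipped inside the signed application).
    digest = hashlib.sha256(body).hexdigest()
    if not hmac.compare_digest(digest, pinned_sha256):
        raise UpdateRejected("language pack digest mismatch")
    return body

# Constructed sample data; hostnames are placeholders, not real endpoints.
GENUINE_PACK = b"en_GB language pack (constructed sample bytes)"
PINNED_SHA256 = hashlib.sha256(GENUINE_PACK).hexdigest()
HTTP_URL = "http://updates.example.invalid/en_GB.zip"
HTTPS_URL = "https://updates.example.invalid/en_GB.zip"

def origin_fetch(url):
    # Simulates the genuine update server.
    return GENUINE_PACK

def rewriting_proxy_fetch(url):
    # Simulates a spoofed proxy that swaps the response body.
    return b"substituted content (constructed)"

def outcome(updater, *args):
    """Return 'installed' or 'rejected' for one update attempt."""
    try:
        updater(*args)
        return "installed"
    except UpdateRejected:
        return "rejected"

if __name__ == "__main__":
    print("naive, rewritten body:  ", outcome(naive_update, HTTP_URL, rewriting_proxy_fetch))
    print("checked, plaintext URL: ", outcome(checked_update, HTTP_URL, origin_fetch, PINNED_SHA256))
    print("checked, rewritten body:", outcome(checked_update, HTTPS_URL, rewriting_proxy_fetch, PINNED_SHA256))
    print("checked, genuine pack:  ", outcome(checked_update, HTTPS_URL, origin_fetch, PINNED_SHA256))
```

The digest check only helps because the reference value is pinned out of band; a hash delivered over the same plaintext channel can be rewritten along with the pack.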

In his presentation, Welton said that a hacker could scale up the attack to basically take over a vulnerable mobile device while the user remains unaware. This SwiftKey bug affects over 600 million Samsung users, including those who are using the latest Samsung Galaxy S6.

According to Welton, once the flaw is exploited, a potential hacker can remotely eavesdrop on incoming and outgoing messages or voice calls. The hacker could also access GPS sensors, cameras, and microphones as well as install malicious apps without the user’s knowledge or consent. Welton says more savvy attackers could use the exploit to access sensitive files like photos and text messages on users’ Samsung devices.

Welton says that he discovered the bug late last year and alerted Samsung and Google’s Android security team. Samsung took corrective action and dispatched a patch to all the mobile networks, but Welton says he is not sure whether the carriers have passed the patch down to all their customers’ devices on the network. The fate of owners of unlocked Samsung devices, who rely on patches and updates directly from Samsung, is also not known.

According to NowSecure, “We can confirm that we have found the flaw still unpatched on the Galaxy S6 for the Verizon and Sprint networks, in off the shelf tests we did over the past couple of days.”

PoC video of the exploit

SwiftKey, for its part, tried to assuage the fears of Samsung device owners by saying, “We’ve seen reports of a security issue related to the Samsung keyboard. We can confirm that the SwiftKey Keyboard apps available via Google Play or the Apple App Store are not affected by this vulnerability. We take reports of this manner very seriously and are currently investigating further.”

As SwiftKey is a native app and the default keyboard, there is no way to uninstall it. Even if the keyboard isn’t being used, it still makes the phone vulnerable. Samsung mobile users are advised to reach out to their mobile carriers and ask if a patch is available. It is also a good idea to stay away from unknown Wi-Fi networks.

Update: It looks like SwiftKey is not at fault on this one but Samsung is. TechCrunch says that their sources have told them that Samsung “screwed up” how they implemented SwiftKey’s SDK into their keyboard. Why? Because they crazily gave the keyboard system-level permissions.

As NowSecure says: “It’s unfortunate but typical for OEMs and carriers to preinstall third-party applications to a device. In some cases these applications are run from a privileged context. This is the case with the Swift (sic) keyboard on Samsung… This means that the keyboard was signed with Samsung’s private signing key and runs in one of the most privileged contexts on the device, system user, which is a notch short of being root.”

1 COMMENT

  1. I don't get companies that try to bloatware their devices with every little thing? I use SwiftKey but I like to have my phone come with an Android as clean as it can be and then I decide what to install on my device. This way a company can avoid having such issues and their terminals run even better and issue faster updates not having to integrate every little crap in the phone. I run on a Galaxy S3 with 1 GB RAM CM 12.1 Android 5.1.1 with no issues. We have great hardware in our phones (no matter the company) but they get crippled by software loaded with bloatware.
