Hackers can easily break into Samsung Galaxy phones and spy on the entire life of their users, through the SwiftKey keyboard – even when the user isn’t using it.
A vulnerability in software on the phones lets hackers look through the phones’ camera, listen to the microphone, read incoming and outgoing texts and install apps, according to researchers. Until Samsung fixes the problem, there is little that owners of the phone can do beyond staying off unsecured wifi networks.
The hack works by exploiting a problem with the Samsung IME keyboard, a re-packaged version of SwiftKey that the company puts in Samsung Galaxy keyboards. That software periodically asks a server whether it needs updating — but hackers can easily get in the way of that request, pretend to be the server, and send malicious code to the phone.
“The Samsung/SwiftKey keyboard vulnerability is an irritating one,” says Lane Thames, Software Development Engineer at Tripwire. “It is irritating because most users will not be able to uninstall the vulnerable software and because most carriers are currently not shipping a patch, at least according to information available today. There are many good keyboards available for the Samsung device, so a simple solution could be to just remove the vulnerable keyboard. Unfortunately, neither Samsung nor most wireless carriers want you to do that, usually for the same reasons they sell locked phones.”
On the plus side for the end user, this vulnerability requires a bit of effort to successfully exploit, according to the technical details that have been released. It requires a MITM attack infrastructure where a vulnerable keyboard application initiates a language pack download or update. From the details, this update/download initiation occurs after boot and periodically during normal use.
“To minimize risk until a patch is available, users should refrain from rebooting their device if connected to WiFi and, particularly, should refrain from connecting to unknown or insecure WiFi,” says Thames. “This issue could be exploited over the cellular network, but it is a harder approach except for the most experienced attackers.”
Craig Young, Security Researcher at Tripwire, adds: “In my eyes however the crux of the biscuit here is the state-sponsored attack. Nations with an eye toward spying on and oppressing dissidents can have a field day with this vulnerability silently installing malware onto all the affected Samsung devices connecting through the cellular internet connection. Defence against this type of attacker and detection of the resulting attack is far more difficult for the average user and power users alike. Until Samsung devices get patched, the most paranoid users will want to take advantage of censorship bypassing VPN services like privateinternetaccess.com that give users the control to prevent any plaintext communication directly from the Android. Of course all bets are off if the pop-out point from the VPN is on a network controlled or influenced by an adversary.”