Samsung has announced it is getting ready to fix a bug affecting 600 million Galaxy smartphones that can expose the user to a remote code execution attack.
The vulnerability, which was exposed by security firm NowSecure on 17 June, allows a hacker to access the handset as a system user - one of the highest privilege levels - via the pre-installed, third-party Swift SDK word prediction software, either on reboot or when the app updates. The attacker can then snoop on the victim by reading text messages or even activating the camera.
According to NowSecure, the attack vector is open even if the default keyboard is not Swift.
The organisation claims it told Samsung of the vulnerability in November last year, but decided to go public this week after the hardware maker failed to act on the information.
For its part, Samsung has played down the likelihood of an attack.
"This vulnerability, as noted by the researchers, requires a very specific set of conditions for a hacker to exploit the device this way," the company said. Nevertheless, it is rolling out a security patch over the course of the next few days to combat the issue.
"In addition to the security policy update, we will continue to work with related parties such as SwiftKey to address potential risks going forward," Samsung added.
While waiting for the update to arrive, the company has advised owners of Galaxy S4, S5, S6 and S6 Edge handsets to turn on the pre-installed KNOX security platform, which can mitigate the threat.
Those who own a Galaxy S3, though, or a non-flagship phone do not have this option and, it would seem, may have to wait a longer to receive a patch, which will eventually come in the shape of a firmware update.
Tod Beardsley, engineering manager at security Firm Rapid7, has commended Samsung for acting quickly following the public revelation of the problem, stating: "Given the unlikely nature of the attack, it's good to see that Samsung is taking this exposure seriously."
"I imagine a proper operating system patch will be released in the coming weeks and months for everyone ... [and] in the meantime users should be aware of the networks they habitually connect to, routinely remove 'remembered' networks they don't often use, and ensure that they reeboot their Samsung devices only while associated to netoworks they normally trust," he added.
-
The Race Is On for Higher Ed to Adapt: Equity in Hyflex Learning -
Google faces 'first of its kind' class action for search ads overcharging in UKNews Google faces a "first of its kind" £5 billion lawsuit in the UK over accusations it has a monopoly in digital advertising that allows it to overcharge customers.
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
A critical Ivanti flaw is being exploited in the wild – here’s what you need to knowNews Cyber criminals are actively exploiting a critical RCE flaw affecting Ivanti Connect Secure appliances
-
Researchers claim an AMD security flaw could let hackers access encrypted dataNews Using only a $10 test rig, researchers were able to pull off the badRAM attack
-
A journey to cyber resiliencewhitepaper DORA: Ushering in a new era of cyber security
