If you have a Samsung S4, Mini, Galaxy S5 or even the recently released Galaxy S6, you might have a security flaw that may result in you getting hacked. Cybersecurity firm NowSecure discovered a unpatched security hole that allows an attacker to remotely execute code as a system user via the keyboard upgrade mechanism on their phones.
Now here’s the really bad part via The Wall Street Journal:
In March, Samsung told NowSecure it had sent a fix to wireless carriers that they could distribute to users. It asked NowSecure to wait three months before going public.
Last week, the researchers bought two new Samsung Galaxy S6’s from Verizon Wireless and Sprint. They found both were still vulnerable to the security hole, which involves how the phone accepts data when updating keyboard software.
There’s more:
In this case, NowSecure said it contacted Samsung in November 2014. On Dec. 16, Samsung asked for more time, Hoog said. On Dec. 31, it asked for a year to fix it, he said.
Wow. That’s insane. You have a serious security issue in your phones in an age where such issues are found very quickly and you want a year to fix it? Then a few months later you say that you’ve fixed it but it quickly gets proven that you haven’t?
Mind blown.
Samsung hasn’t said anything in regards to this yet. But one hopes that they do so quickly for this reason from the research that NowSecure did:
Unfortunately, the flawed keyboard app can’t be uninstalled or disabled. Also, it isn’t easy for the Samsung mobile device user to tell if the carrier has patched the problem with a software update. To reduce your risk, avoid insecure Wi-Fi networks, use a different mobile device and contact your carrier for patch information and timing.
Your choices are don’t use insecure WiFi or don’t use a Samsung phone? That’s not good if you’re Samsung..
Related
This entry was posted on June 16, 2015 at 3:33 pm and is filed under Commentary with tags Samsung. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Long Standing Flaw In Samsung Phones Leaves Users Exposed To Being Hacked
If you have a Samsung S4, Mini, Galaxy S5 or even the recently released Galaxy S6, you might have a security flaw that may result in you getting hacked. Cybersecurity firm NowSecure discovered a unpatched security hole that allows an attacker to remotely execute code as a system user via the keyboard upgrade mechanism on their phones.
Now here’s the really bad part via The Wall Street Journal:
In March, Samsung told NowSecure it had sent a fix to wireless carriers that they could distribute to users. It asked NowSecure to wait three months before going public.
Last week, the researchers bought two new Samsung Galaxy S6’s from Verizon Wireless and Sprint. They found both were still vulnerable to the security hole, which involves how the phone accepts data when updating keyboard software.
There’s more:
In this case, NowSecure said it contacted Samsung in November 2014. On Dec. 16, Samsung asked for more time, Hoog said. On Dec. 31, it asked for a year to fix it, he said.
Wow. That’s insane. You have a serious security issue in your phones in an age where such issues are found very quickly and you want a year to fix it? Then a few months later you say that you’ve fixed it but it quickly gets proven that you haven’t?
Mind blown.
Samsung hasn’t said anything in regards to this yet. But one hopes that they do so quickly for this reason from the research that NowSecure did:
Unfortunately, the flawed keyboard app can’t be uninstalled or disabled. Also, it isn’t easy for the Samsung mobile device user to tell if the carrier has patched the problem with a software update. To reduce your risk, avoid insecure Wi-Fi networks, use a different mobile device and contact your carrier for patch information and timing.
Your choices are don’t use insecure WiFi or don’t use a Samsung phone? That’s not good if you’re Samsung..
Share this:
Like this:
Related
This entry was posted on June 16, 2015 at 3:33 pm and is filed under Commentary with tags Samsung. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.