Vulnerability in Samsung phones allows eavesdropping

Samsung phones found a vulnerability that allows an attacker to access almost all the functions of the phone.

Under the cut more detailed and video exploitation of this vulnerability.
')


The malicious program can be installed during the upgrade of SwiftKey language packs - preinstalled on most phones as a standard keyboard, as they pass in an unencrypted form. An attacker can get access to the sensors and sensors of the phone, listen in on conversations and watch contacts, photos, messages and passwords, and you can also execute malicious code with the user's system privileges. At the same time, the SwiftKey keyboard does not have to be turned on, it is enough that it is just in the smartphone.

The vulnerability was found by NowSecure, namely Ryan Welton. They notified the Korean company about the problem back in November 2014, after which Samsung released an update for all smartphones with Android version 4.2 and older in March. However, representatives of NowSecure say that the vulnerability is still not closed, in particular, they managed to repeat the hacking procedure on Verizon GALAXY S6 during the Blackhat Security Summit conference in London.

According to forecasts, more than 600 million handsets are under threat, including the flagship GALAXY S III, S4, S5, as well as GALAXY Note 3 and Note 4.