Samsung to roll out security patch for keyboard vulnerability
Bug exposing Galaxy smartphones to hackers will be squashed within coming days
Samsung has announced it is getting ready to fix a bug affecting 600 million Galaxy smartphones that can expose the user to a remote code execution attack.
The vulnerability, which was disclosed by security firm NowSecure on 17 June, allows a hacker to access the handset as a system user - one of the highest privilege levels - via the pre-installed, third-party SwiftKey SDK word prediction software, either on reboot or when the app updates. The attacker can then snoop on the victim by reading text messages or even activating the camera.
According to NowSecure, the attack vector is open even if the default keyboard is not SwiftKey.
The organisation claims it told Samsung of the vulnerability in November last year, but decided to go public this week after the hardware maker failed to act on the information.
For its part, Samsung has played down the likelihood of an attack.
"This vulnerability, as noted by the researchers, requires a very specific set of conditions for a hacker to exploit the device this way," the company said. Nevertheless, it is rolling out a security patch over the course of the next few days to combat the issue.
"In addition to the security policy update, we will continue to work with related parties such as SwiftKey to address potential risks going forward," Samsung added.
While waiting for the update to arrive, the company has advised owners of Galaxy S4, S5, S6 and S6 Edge handsets to turn on the pre-installed KNOX security platform, which can mitigate the threat.
Those who own a Galaxy S3, though, or a non-flagship phone do not have this option and, it would seem, may have to wait longer to receive a patch, which will eventually come in the shape of a firmware update.
Tod Beardsley, engineering manager at security firm Rapid7, has commended Samsung for acting quickly following the public revelation of the problem, stating: "Given the unlikely nature of the attack, it's good to see that Samsung is taking this exposure seriously."
"I imagine a proper operating system patch will be released in the coming weeks and months for everyone ... [and] in the meantime users should be aware of the networks they habitually connect to, routinely remove 'remembered' networks they don't often use, and ensure that they reboot their Samsung devices only while associated to networks they normally trust," he added.

Jane McCallion is Managing Editor of ITPro and ChannelPro, specializing in data centers, enterprise IT infrastructure, and cybersecurity. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.