Hackers are able to spy on Samsung Galaxy users because of a software vulnerability.

It enables cyber criminals to use the phone’s camera and microphone to read text messages and install apps.

The software flaw affects up to 600 million handsets, including the newly released Samsung Galaxy S6, researchers claim.


Hackers (illustrated with a stock image) are able to spy on Samsung Galaxy users because of a software vulnerability. It enables cyber criminals to use the phone’s camera and microphone to take control of a handset
Until Samsung fixes the problem in a few days time, it is recommended that Galaxy handset owners stay away from unsecured Wi-Fi networks.

The hack exploits a glitch with Samsung’s pre-installed ‘IME’ keyboard - a version of SwiftKey, which enables easier predictive text – that comes with Galaxy handsets,The Independent reported.


The flaw was uncovered by NowSecure mobile security researcher Ryan Welton and Samsung was notified in December.

The keyboard software regularly asks a server whether it needs updating, but this potentially allows hackers to pose as a server, or 'privileged (system) user' and send malicious code to a phone in order to gain control of it.

WHAT DOES THE FLAW ALLOW HACKERS TO DO?

If the software glitch is exploited, hackers can remotely...

Access a phone's camera, microphone, GPS and sensors.

Secretly install malicious apps without the owner knowing.

Tamper with how the phone or other apps work.

Spy on incoming and outgoing text messages and eavesdrop on calls.

Attempt to steal personal data, pictures and text messages.


This is known as a ‘man in the middle attack’ and encryption is usually in place to stop hackers from using them.

It appears Samsung has given its IME keyboard special permissions, meaning ts easier for hackers to get though protection measures in Android.

Now Secure's blog says the vulnerability is 'triggered automatically' upon reboot or when the keyboard app decides to update.

'This can include geographically proximate attacks such as rogue Wi-Fi access points or cellular base stations, or attacks from local users on a network,' Mr Welton writes.

It's also possible for hackers to tap into the flaw more remotely using a rouge router, for example.

Researchers say hackers can easily target the S6, S5 and S4 Mini handsets as well as any other Samsung handsets with the keyboard installed.

If the software glitch is exploited, it allows hackers to install malicious apps without the owner knowing, which could cause them further problems.

Cyber criminals could eavesdrop on phone calls, read incoming and outgoing text messages or even attempt to steal personal data including photographs, Mr Welton warned.

While staying away from insecure Wi-Fi networks means Galaxy owners reduce the risk of being hit by hackers, it won’t keep them completely safe.

And unfortunately, the flawed keyboard app can’t be uninstalled, according to Mr Welton's post.

Samsung is said to have given a patch to mobile network operators to pass onto consumers in the form of an Android update, but it’s unclear whether it has been rolled out.






The software flaw lets them read text messages and install apps, and could affect up to 600 million handsets including the newly released Samsung Galaxy S6 (pictured), researchers claim.


A Samsung spokesman told MailOnline: 'Samsung takes emerging security threats very seriously.

'We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security.

'It is important to note that the phone’s core functions (kernel) were not affected by the reported issue due to the protection of the Samsung KNOX platform in all S4 models and above.

'Samsung KNOX also has the capability to update the security policy of the phones, over-the-air, to invalidate any remaining potential vulnerabilities caused by this issue.

'The security policy updates will begin rolling out in a few days.

'In addition to the Security Policy update, we are also working with SwiftKey to address potential risks going forward.'

SwiftKey said the exploit doesn't affect its main version of the keyboard that’s available via Apple and Android’s app stores.

A statement from the company says: ‘We supply Samsung with the core technology that powers the word predictions in their keyboard.

‘It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability.

We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this obscure but important security issue.’

The company goes on to reassure people that the vulbnerability is 'not easy to exploit'

'A user must be connected to a compromised network (such as a spoofed public Wi-Fi network), where a hacker with the right tools has specifically intended to gain access to their device.

'This access is then only possible if the user’s keyboard is conducting a language update at that specific time, while connected to the compromised network.'




SOURCE:

http://www.dailymail.co.uk/sciencetech/article-3128096/Has-Samsung-phone-hacked-600-MILLION-handsets-vulnerable-security-flaw-lets-hackers-photos-read-texts.html

Samsung Don enter one chance be that

Hmhm...

Hmmmm

Go keyboard is the solution now.

Cc: Lalasticalala. Come help this Samsung users before high bp kills them