Potentially 600m Samsung Galaxy phones are at risk of malicious compromise after a new exploit was discovered by a security researcher.
The vulnerability is down to the way in which SwiftKey keyboard app updates – it periodically queries a server to check if new updates exist. However, the process is conducted in the clear, and the downloaded executable file isn’t encrypted, meaning that a man-in-the-middle technique can spoof the update server, then send a malicious file to the device. The file could turn the device into a bug, by taking control of the camera and microphones, install other malware apps, and steal data.
New exploit compromises Samsung Galaxy phones
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.