Dan on Security
Register | Login
Remote Code Execution as System User on Samsung Phones | NowSecure Blogs
https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/

Over 600 million Samsung mobile device users have been affected by a significant security risk on leading Samsung models, including the recently released Galaxy S6. The risk comes from a pre-installed keyboard that allows an attacker to remotely execute code as a privileged (system) user.

If the flaw in the keyboard is exploited, an attacker could remotely: Access sensors and resources like GPS, camera and microphone, secretly install malicious app(s) without the user knowing, tamper with how other apps work or how the phone works, eavesdrop on incoming/outgoing messages or voice calls, attempt to access sensitive personal data like pictures and text messages
This is a major vulnerability, and knowing the Android update cycle, probably 550 out of the 600 million devices will be left unpatched for a very long time...

Tags: vulnerability android samsung
More from: nowsecure.com


show/hide source |

Comments

No comments found :-( To post a comment, please log in