[SingCERT] Samsung Galaxy Devices MITM Vulnerability
19 June 2015
A vulnerability has been reported in the update mechanism of Samsung keyboards in various Samsung Galaxy devices. Samsung keyboards are powered by SwiftKey through SwiftKey SDK and SwiftKey periodically checks for language packs updates over HTTP. As the HTTP requests are not encrypted, it is susceptible to man-in-the-middle (MITM) attacks. Additionally, the Samsung keyboards are operating with system privileges, which may allow an attacker to write arbitrary data to the vulnerable devices.