[SingCERT] Samsung Galaxy Devices MITM Vulnerability

Published on Friday, 19 June 2015 15:50

[ Background ]

A vulnerability has been reported in the update mechanism of Samsung keyboards in various Samsung Galaxy devices. Samsung keyboards are powered by SwiftKey through SwiftKey SDK and SwiftKey periodically checks for language packs updates over HTTP. As the HTTP requests are not encrypted, it is susceptible to man-in-the-middle (MITM) attacks. Additionally, the Samsung keyboards are operating with system privileges, which may allow an attacker to write arbitrary data to the vulnerable devices.


[ Affected Devices ]

  • Samsung Galaxy devices


[ Impact ]

A remote attacker will be able to perform a MITM attack and may write arbitrary data to the affected phone when the phone is checking for updates.


[ Solution/Workaround ]

  • Samsung Galaxy devices (Samsung Galaxy S4 onwards) with the KNOX security platform installed should enable Automatic Updates in KNOX to receive the security update when it’s available.
  • Samsung Galaxy devices that do not have KNOX should check with your service provider if patches are available.
  • As far as possible, avoid the use of untrusted networks such as public WiFi.


[ References ]

http://global.samsungtomorrow.com/information-regarding-the-keyboard-security-issue-and-our-device-policy-update/
https://www.kb.cert.org/vuls/id/155412
http://swiftkey.com/en/blog/samsung-keyboard-security-vulnerability-swiftkey/
https://www.nowsecure.com/keyboard-vulnerability/
https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/
http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/
http://blogs.wsj.com/digits/2015/06/16/flaw-lingers-in-samsung-phones-illustrating-hacking-risk/