Security - What is it ?, who needs it?
From the article:
NowSecure estimates that 600 million devices could be vulnerable, including the Samsung Galaxy S5 on Verizon and the S4 Mini on AT&T. Newer devices are also still affected, despite patches pushed out by Samsung.
The Swift keyboard updates (generally language pack updates) are sent over HTTP, and therefore an attacker with network access is able to access the update and inject a malicious app or tamper with other resources on the phone, giving him access to email, contacts, images and other personal data stored on the phone. A more sophisticated actor could also eavesdrop on phone calls or steal text messages from the device.
(More bad news)
“To date, we’re not seeing devices patched,” Hoog said. “Samsung said the Galaxy 6 running on Android 5 (Lollipop) were not vulnerable. On a pure whim, we spent $1,000 on new devices last week in order to verify and we were surprised to see the vulnerability still there. Even though it’s been patched since March by Samsung, it has not made it to new devices.”
For more details:
No comments:
Post a Comment