Pre-installed keyboard leaves millions of Samsung smartphones vulnerable


Michael Goff

Suspended
Jul 5, 2012
13,262
7,298

http://www.androidpolice.com/2015/06/16/psa-swiftkey-security-flaw-impacting-600-million-phones-is-already-fixed-probably-nothing-to-worry-about/

An attack would also be rather involved - essentially, a malicious party would have to have already deeply compromised the security of the network you're on and use DNS hijacking or a similar man-in-the-middle exploit to redirect your phone to a fake language pack update that could then potentially inject your device with malicious code. And even under these conditions, only when the app initiates a new language pack download or language pack update can the flaw be taken advantage of. This would make it quite difficult to exploit reliably, let alone on any sort of scale.
 

jamezr

macrumors G5
Aug 7, 2011
12,547
10,043
US
I'll see that exploit and raise you this one.
"We completely cracked the keychain service - used to store passwords and other credentials for different Apple apps - and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps."
The exploits were reported to Apple in Oct of 2014 and yet to be patched

Lead researcher Luyi Xing told The Register that he reported the security flaws to Apple in October 2014 and complied with the iPhone maker's request to withhold publishing the information for six months, but has not heard back from the company since and is now exposing the zero-day vulnerabilities to the public. The flaws affect thousands of OS X apps and hundreds of iOS apps and can now be weaponized by attackers.

http://forums.macrumors.com/threads/ios-and-os-x-security-flaws-enable-malicious-apps-to-steal-passwords-and-other-data.1893028/
 

tbayrgs

macrumors 604
Jul 5, 2009
6,508
3,427
I'll see that exploit and raise you this one.

The exploits were reported to Apple in Oct of 2014 and yet to be patched




http://forums.macrumors.com/threads/ios-and-os-x-security-flaws-enable-malicious-apps-to-steal-passwords-and-other-data.1893028/
Certainly scary looking scenario but how does this in any way have anything to do with the OP Jamezr? Neither the OP, the thread title, nor the linked article make any mention of Apple, OS X, or iOS.

I'm sorry but it's posts like these that tend to immediately start bickering flame wars.
 

MRU

Suspended
Aug 23, 2005
25,312
8,706
Other
Certainly scary looking scenario but how does this in any way have anything to do with the OP Jamezr? Neither the OP, the thread title, nor the linked article make any mention of Apple, OS X, or iOS.

I'm sorry but it's posts like these that tend to immediately start bickering flame wars.
Yeah, agreed, not every thread here has to be turned into a vs. thread.


However with that being said - this 'scare' sounds like making mountains out of molehills ...
 

jamezr

macrumors G5
Aug 7, 2011
12,547
10,043
US
Certainly scary looking scenario but how does this in any way have anything to do with the OP Jamezr? Neither the OP, the thread title, nor the linked article make any mention of Apple, OS X, or iOS.

I'm sorry but it's posts like these that tend to immediately start bickering flame wars.
It has everything to do with the OP. He never posts here in this section. It seems like another one of those Apple fans wants to post something negative in the Alternative section and do a "hit and run". They typically post something negative about Android or Samsung specifically to stir up Android fans and then desert the thread they created in the first place.
 

lazard

macrumors 68000
Jul 23, 2012
1,605
813
Yes...vulnerable if you are on an unsecured wireless network and downloading a language pack for your Samsung keyboard. Not sure why this is in the iPhone section.
 

tbayrgs

macrumors 604
Jul 5, 2009
6,508
3,427
It has everything to do with the OP. He never posts here in this section. It seems like another one of those Apple fans wants to post something negative in the Alternative section and do a "hit and run". They typically post something negative about Android or Samsung specifically Samsung to stir up Android fans and then desert the thread they created in the first place.
Jamezr, I think your run-ins with I7guy have you a bit paranoid---not everyone has an agenda. Go look at his post history---he posts all over these forums, actually does very little in the traditional Apple software and hardware forums and not a hint of some sort of axe to grind. And this thread is started exactly where it should be--in the Alternatives subforum.
 

jamezr

macrumors G5
Aug 7, 2011
12,547
10,043
US
Jamezr, I think your run-ins with I7guy have you a bit paranoid---not everyone has an agenda. Go look at his post history---he posts all over these forums, actually does very little in the traditional Apple software and hardware forums and not a hint of some sort of axe to grind. And this thread is started exactly where it should be--in the Alternatives subforum.
Maybe! :) I am also here a lot and recognize the participants for the most part. I don't think I have ever seen him participate in a discussion in the section.
 

ABC5S

Suspended
Sep 10, 2013
3,395
1,597
Florida
I refuse to believe anything coming from Fox "news".
It's not from Fox. This time it's from a guest on the show. It's on some other networks as well. I like FOX business news. FOX is rated at the top or near the top for a number of years.


http://money.cnn.com/2015/06/17/technology/samsung-galaxy-hack/



http://www.independent.co.uk/life-style/gadgets-and-tech/news/samsung-galaxy-hack-swiftkey-vulnerability-lets-hackers-easily-snoop-on-phones-10325574.html



http://abcnews.go.com/Technology/samsung-working-fix-galaxy-security-vulnerability/story?id=31865272
 

I7guy

macrumors Core
Nov 30, 2013
20,435
8,262
Gotta be in it to win it
Certainly scary looking scenario but how does this in any way have anything to do with the OP Jamezr? Neither the OP, the thread title, nor the linked article make any mention of Apple, OS X, or iOS.

I'm sorry but it's posts like these that tend to immediately start bickering flame wars.
No matter what, this is a bad day for security but I'm waiting to see the real impact....not the theoretical impact.
 

I7guy

macrumors Core
Nov 30, 2013
20,435
8,262
Gotta be in it to win it
It has everything to do with the OP. He never posts here in this section. It seems like another one of those Apple fans wants to post something negative in the Alternative section and do a "hit and run". They typically post something negative about Android or Samsung specifically to stir up Android fans and then desert the thread they created in the first place.
You do know you can decline to answer and ignore those posts that you believe the poster is doing a "hit and run".
 

jamezr

macrumors G5
Aug 7, 2011
12,547
10,043
US
You do know you can decline to answer and ignore those posts that you believe the poster is doing a "hit and run".
No, did not know that! Thank you for pointing out that to me. Geesh..... You would think a very obvious solution like that would have crossed my mind. /s
 

LIVEFRMNYC

macrumors 604
Oct 27, 2009
7,433
8,605
The guy is talking like he thinks they installed a physical keyboard at the factory.

And the woman: "There's not a lot we have information on". Really, then why are you speaking?
 

mi7chy

macrumors 603
Oct 24, 2014
5,953
6,917
Only the clueless seem to be making a big fuss about this. If you're on carrier data or private WIFI which cover most of the use it's a non-issue. If you're on public WIFI you should be using VPN because you're vulnerable to MITM regardless of SwiftKey. Unlike Apple's Fappening that actually happened this is theoretical with very low exposure.
 

maflynn

Moderator
Staff member
May 3, 2009
63,851
30,367
Boston
[MOD NOTE]
If someone wants to discuss the merits of Fox News please take it to the PRSI forum. I've removed a large number of posts that have nothing to do with the topic. Please stay on topic.
 

lowendlinux

macrumors 603
Sep 24, 2014
5,155
6,311
North Country (way upstate NY)
It has everything to do with the OP. He never posts here in this section. It seems like another one of those Apple fans wants to post something negative in the Alternative section and do a "hit and run". They typically post something negative about Android or Samsung specifically to stir up Android fans and then desert the thread they created in the first place.
He hangs out quite a bit in community and seems to be a good dude. I believe he's also older i.e. in his 60's so I don't think it's hit and run. Second if he is/was what his avi indicates then he really isn't into hit and run stuff. I read it as a FYSA type thing.
 

grkm3

macrumors 6502a
Feb 12, 2013
972
510
He hangs out quite a bit in community and seems to be a good dude. I believe he's also older i.e. in his 60's so I don't think it's hit and run. Second if he is/was what his avi indicates then he really isn't into hit and run stuff. I read it as a FYSA type thing.
Then why not stick around and discuss the issue? Seems like he's spot on and was a hit and run thread to diss Samsung and bounce.

Not one post after first grand slam opening.

I'll try and not use a local open network and install a Chinese language pack though thanks for the heads up.

I have better odds winning the Powerball than getting my phone hacked by this.
 

JamesMike

macrumors demi-god
Original poster
Nov 3, 2014
5,384
4,247
Oregon
Then why not stick around and discuss the issue? Seems like he's spot on and was a hit and run thread to diss Samsung and bounce.

Not one post after first grand slam opening.

I'll try and not use a local open network and install a Chinese language pack though thanks for the heads up.

I have better odds winning the Powerball than getting my phone hacked by this.
It was not a hit and run. I love my Samsung Galaxy S5. It was just to inform people of the situation.