[ale] Another reason to run a 3rd-party build on your Samsung phone

Raj Wurttemberg rajaw at c64.us
Wed Jun 17 15:16:26 EDT 2015


On the positive side... not exactly a trivial exploit...

http://swiftkey.com/en/blog/samsung-keyboard-security-vulnerability-swiftkey/

<quick text so you don't *have* to click the link>

"The vulnerability in question is not easy to exploit: a user must be connected to a compromised network (such as a spoofed public Wi-Fi network), where a hacker with the right tools has specifically intended to gain access to their device. This access is then only possible if the user’s keyboard is conducting a language update at that specific time, while connected to the compromised network."

<end>

/Raj


From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Lightner, Jeff
Sent: Wednesday, June 17, 2015 9:48 AM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] Another reason to run a 3rd-party build on your Samsung phone

What’s the chances this is a “bug” rather than something done by design?

Back when I worked for a phone company it disgusted me that back doors for almost everything have to be put in place.

From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Charles Shapiro
Sent: Wednesday, June 17, 2015 9:23 AM
To: Atlanta Linux Enthusiasts - Yes! We run Linux!
Subject: [ale] Another reason to run a 3rd-party build on your Samsung phone

Samsung Android keyboard vulnerability affects Galaxy 4,5,6 phones

http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/
Oops.  As I read it, if you're running an AOSP build this won't affect you.
-- CHS




More information about the Ale mailing list