[ale] Another reason to run a 3rd-party build on your Samsung phone
Raj Wurttemberg
rajaw at c64.us
Wed Jun 17 15:16:26 EDT 2015
On the positive side... not exactly a trivial exploit...
http://swiftkey.com/en/blog/samsung-keyboard-security-vulnerability-swiftkey/
<quick text so you don't *have* to click the link>
"The vulnerability in question is not easy to exploit: a user must be connected to a compromised network (such as a spoofed public Wi-Fi network), where a hacker with the right tools has specifically intended to gain access to their device. This access is then only possible if the user’s keyboard is conducting a language update at that specific time, while connected to the compromised network."
<end>
/Raj
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Lightner, Jeff
Sent: Wednesday, June 17, 2015 9:48 AM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] Another reason to run a 3rd-party build on your Samsung phone
What’s the chances this is a “bug” rather than something done by design?
Back when I worked for a phone company it disgusted me that back doors for almost everything have to be put in place.
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Charles Shapiro
Sent: Wednesday, June 17, 2015 9:23 AM
To: Atlanta Linux Enthusiasts - Yes! We run Linux!
Subject: [ale] Another reason to run a 3rd-party build on your Samsung phone
Samsung Android keyboard vulnerability affects Galaxy 4,5,6 phones
http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/
Oops. As I read it, if you're running an AOSP build this won't affect you.
-- CHS
More information about the Ale
mailing list