[Ab]

Sams0wned

http://www.pymnts.com/news/2015/sams...aw-discovered/

Quote:

Over 600 million Samsung mobile device users may be at risk due to a significant security threat, according to researchers at mobile security specialist NowSecure.

Researcher Ryan Welton, who uncovered the flaw residing in the pre-installed keyboard of some Samsung phones, demonstrated his findings during a Black Hat Mobile Security Summit presentation, titled “Abusing Android Apps And Gaining Remote Code Execution,” yesterday (June 16) in London.

“Welton found he could hijack the process of updating one of the virtual keyboards Samsung installs on many Android smartphones. From there, he could eavesdrop on phone conversations, rummage through text messages and contacts, or turn on the microphone to capture audio,” The Wall Street Journal reported.

According to NowSecure’s report on the vulnerability, Samsung was notified about the security issue back in December of 2014. But as of yesterday, the report provided a known (but not all-inclusive) list of impacted devices by carrier along with the status of a patch. The list covered several popular Samsung mobile devices like the Galaxy S6, Galaxy S5 and Galaxy S4, all of which showed a patch status of either “unknown” or “unpatched.”