600M Samsung Smartphones Vulnerable To Hacking - InformationWeek

Comments
RyanJ879
User Rank: Apprentice
6/18/2015 | 8:52:28 AM
Small surface area
The vulnerability is, yes, a problem, but the surface area of the attack is so small that the hype is quite unreasonable. The attacker has to hijack the update session, which doesn't happen non-stop but randomly and when it needs to. To pull off this attack it's such a small window that I'll be shocked if more than 0.00001% of Samsung phones become affected by this.
larryloeb
User Rank: Author
6/18/2015 | 2:26:42 PM
Re: Small surface area
It's quite true that this is a limited scenario for SwiftKey's vulnerability.

But--and this is the big thing to me--Samsung elevated a third-party app to system status without vetting it. It's like giving someone the keys to your kingdom and just assuming they won't hurt you. That's a naive approach.

Secondly, why is it that the wireless carriers have to disseminate the fix? There should be some other method to do it. I'm not sure if this is an Android-only problem (given how many flavors of Android are out there) or something that Samsung did.

Locking the barn door after the horses are out never works, anyway.
RyanJ879
User Rank: Apprentice
6/18/2015 | 2:34:37 PM
Re: Small surface area
Universally this seems to be an issue among Android devices. From personal experience I've had the HTC Aria delayed for updates for no known reason, and with my second Samsung phone I've had updates delayed by the carrier. ATT for some reason is a month behind Verizon and Sprint on updates. Same hardware though, so why the prolonged update time?
larryloeb
User Rank: Author
6/18/2015 | 3:32:19 PM
Re: Small surface area
The Apple ecosystem does have its advantages here.

Apple pushes out updates via opportunistic downloading. Users have to take a far less active role in updating.

I think this tends to work a lot better to keep software current than how Android can update.
Dr.T
User Rank: Strategist
6/22/2015 | 1:02:34 PM
Only Samsung?
 

I am surprised this SwiftKey vulnerability is only about Samsung. If it requires patching on the carrier layer, it must be the case for other carriers in my view.
Dr.T
User Rank: Strategist
6/22/2015 | 1:05:55 PM
Re: Small surface area
That is partially good news for Samsung, but anytime there is news around security it is perceived as bad regardless of how severe it is.
Dr.T
User Rank: Strategist
6/22/2015 | 1:07:47 PM
Re: Small surface area
I agree. System level access should never be given to third parties regardless of what their intention could be.
Dr.T
User Rank: Strategist
6/22/2015 | 1:10:35 PM
Re: Small surface area
I agree. This is like Chrome pushing updates regardless of user preferences. That made Chrome more secure compared to other browsers and reached the most market share.
larryloeb
User Rank: Author
6/22/2015 | 1:23:59 PM
Re: Only Samsung?
Samsung used SwiftKey with elevated system access, even though they are claiming their KNOX scheme will prevent such things on newer phones.

I could see the same thing happening on other Android phones.
kstaron
User Rank: Ninja
6/24/2015 | 10:38:20 AM
So why haven't the carriers fixed this?
I'm most concerned right now with the fact that three major carriers haven't carried out the update to fix this yet. If I can't do it as a user, the carrier should be doing this fix posthaste, unless of course they want to have some liability in any issues this causes for users. Is there some huge obstacle preventing the carriers from doing the fix?