Vulnerability in Samsung Galaxy phones put over 600 million Samsung phone users at risk
-
-
Do we know if this affects the Galaxy Note 3 / 4 phones?
-
I would bet yes since the Note 3/4 were both released after the S4, which is vulnerable.
-
I suspect that it depends on if they include that particular keyboard. I guess I could test my wife's Note4 later today.
-
I found out the company that reported the vulnerability and a write up is located
https://www.nowsecure.com/keyboard-vulnerability/ and a detailed review is
https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/
It would be trivial to exploit if you are behind a proxy... but then again, many things are trivial to exploit if you are behind a proxy.
-
What keyboard software are they using? I've never trusted any keyboards aside from the original AOSP keyboard. You never know if it's keylogging.
-
It's the Built-in keyboard that ships with the Galaxy line phones, and some versions of the Swype keyboard.
-
@dafyre said:
It's the Built-in keyboard that ships with the Galaxy line phones
Is it their own custom though or is it third party?
-
I read it was the Swipe keyboard itself - which is baked in.. and that's why you can't fix it.. Samsung has to release a patch that the cellular providers have to approve and push to your phones... at least that's my understanding.
-
Aye. And Samsung has already released the patch for it. Now waiting on $carrier[] to catch up.
-
@Dashrender said:
I read it was the Swipe keyboard itself - which is baked in.. and that's why you can't fix it..
Unless it was rooted.
-
@thecreativeone91 said:
@Dashrender said:
I read it was the Swipe keyboard itself - which is baked in.. and that's why you can't fix it..
Unless it was rooted.
lol of course.
-
Yeah. More and more, I am leaning towards rooting my phone simply so I don't have to wait on $carrier to release OS patches... I just hate voiding the warranty on my phone so quickly, lol.
-
@dafyre said:
Yeah. More and more, I am leaning towards rooting my phone simply so I don't have to wait on $carrier to release OS patches... I just hate voiding the warranty on my phone so quickly, lol.
They'd never know if you restore the factory bootloader and rom before sending it off.
-
The newer Samsung devices have something called KNOX. You generally trip it once you install a custom ROM, and you can't go back and un-trip it that I'm aware of. I had my Note 3 for a year and didn't have to root it, so I wasn't keeping up with it, lol.
-
If the hardware is having issues, the vendor shouldn't be allowed to not support you - I recall Scott mentioning in the past that some court case basically set this precedent when it came to servers and running things like NON OEM RAM.
-
Hmm... Food for thought.... The links I sent earlier were for Android 4.4... Mine is on 5... I wonder if it is still affected.
-
@Dashrender said:
If the hardware is having issues, the vendor shouldn't be allowed to not support you - I recall Scott mentioning in the past that some court case basically set this precedent when it came to servers and running things like NON OEM RAM.
It's an automotive case from like the 1960s.
-
@scottalanmiller said:
@Dashrender said:
If the hardware is having issues, the vendor shouldn't be allowed to not support you - I recall Scott mentioning in the past that some court case basically set this precedent when it came to servers and running things like NON OEM RAM.
It's an automotive case from like the 1960s.
Yet that might change soon in the US. Cars are going to be licensed for use like software. It's copyright infringement to change the parts on the cars is what they are trying for.
-
@thecreativeone91 said:
@scottalanmiller said:
@Dashrender said:
If the hardware is having issues, the vendor shouldn't be allowed to not support you - I recall Scott mentioning in the past that some court case basically set this precedent when it came to servers and running things like NON OEM RAM.
It's an automotive case from like the 1960s.
Yet that might change soon in the US. Cars are going to be licensed for use like software. It's copyright infringement to change the parts on the cars is what they are trying for.
Do you have an article link?