Wednesday, June 17, 2015
Samsung phone security problem
NowSecure reports here that they have found a way \for an attacker to use the keyboard update mechanism on several Samsung phone models to execute privileged code on the phone. The vulnerability leverages the software update mechanism for the Swift keyboard software, which is from a third party. Software updates download files in privileged mode but as a plaintext zip file. The exploit modifies this download zip and its associated manifest to install malicious files on the phone.