Pre-installed keyboard leave millions of Samsung smartphones vulnerable

[JamesMike]

It would be nice if they get this fixed. http://www.foxnews.com/tech/2015/06...-to/?intcmp=ob_homepage_tech&intcmp=obnetwork

 

[Michael Goff]

It would be nice if they get this fixed. http://www.foxnews.com/tech/2015/06...-to/?intcmp=ob_homepage_tech&intcmp=obnetwork

http://www.androidpolice.com/2015/0...lready-fixed-probably-nothing-to-worry-about/

An attack would also be rather involved - essentially, a malicious party would have to have already deeply compromised the security of the network you're on and use DNS hijacking or a similar man-in-the-middle exploit to redirect your phone to a fake language pack update that could then potentially inject your device with malicious code. And even under these conditions, only when the app initiates a new language pack download or language pack update can the flaw be taken advantage of. This would make it quite difficult to exploit reliably, let alone on any sort of scale.

 

[jamezr]

It would be nice if they get this fixed. http://www.foxnews.com/tech/2015/06...-to/?intcmp=ob_homepage_tech&intcmp=obnetwork

I'll see that exploit and raise you this one.

"We completely cracked the keychain service - used to store passwords and other credentials for different Apple apps - and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps."

The exploits were reported to Apple in Oct of 2014 and yet to be patched

Lead researcher Luyi Xing told The Register that he reported the security flaws to Apple in October 2014 and complied with the iPhone maker's request to withhold publishing the information for six months, but has not heard back from the company since and is now exposing the zero-day vulnerabilities to the public. The flaws affect thousands of OS X apps and hundreds of iOS apps and can now be weaponized by attackers.

https://forums.macrumors.com/thread...ps-to-steal-passwords-and-other-data.1893028/

 

[gotluck]

sounds like a fix is coming, through knox (which is interesting) looks like it doubles as samsungs version of google play services

http://www.androidpolice.com/2015/0...lready-fixed-probably-nothing-to-worry-about/

 

[tbayrgs]

I'll see that exploit and raise you this one.

The exploits were reported to Apple in Oct of 2014 and yet to be patched




https://forums.macrumors.com/thread...ps-to-steal-passwords-and-other-data.1893028/

Certainly scary looking scenario but how does this in any way have anything to do with the OP Jamezr? Neither the OP, the thread title, nor the linked article make any mention of Apple, OS X, or iOS.

I'm sorry but it's posts like these that tend to immediately start bickering flame wars.

 

[MRU]

Certainly scary looking scenario but how does this in any way have anything to do with the OP Jamezr? Neither the OP, the thread title, nor the linked article make any mention of Apple, OS X, or iOS.

I'm sorry but it's posts like these that tend to immediately start bickering flame wars.

Yeah agreed not every thread here has to be turned into a v's thread.


However with that being said - this 'scare' sounds like making mountains out of molehills ...

 

[roland.g]

http://video.foxbusiness.com/v/4304...etwork&playlist_id=937116503001#sp=show-clips

 

[jamezr]

Certainly scary looking scenario but how does this in any way have anything to do with the OP Jamezr? Neither the OP, the thread title, nor the linked article make any mention of Apple, OS X, or iOS.

I'm sorry but it's posts like these that tend to immediately start bickering flame wars.

It has everything to do with the OP. He never posts here in this section. It seems like another one of those Apple fan wants to post something negative in the Alternative section and do a "hit and run". They typical post something negative about Android or Samsung specifically to stir up Android fans and then desert the thread they created in the first place.

 

[lazard]

yes...vulnerable if you are on an unsecured wireless network and downloading a language pack for your samsung keyboard. not sure why this is in the iphone section.

 

[tbayrgs]

It has everything to do with the OP. He never posts here in this section. It seems like another one of those Apple fan wants to post something negative in the Alternative section and do a "hit and run". They typical post something negative about Android or Samsung specifically Samsung to stir up Android fans and then desert the thread they created in the first place.

Jamezr, I think your run-ins with I7guy have you a bit paranoid---not everyone has an agenda. Go look at his post history---he posts all over these forums, actually does very little in the traditional Apple software and hardware forums and not a hint of some sort of axe to grind. And this thread is started exactly where it should be--in the Alternatives subforum.

 

[jamezr]

Jamezr, I think your run-ins with I7guy have you a bit paranoid---not everyone has an agenda. Go look at his post history---he posts all over these forums, actually does very little in the traditional Apple software and hardware forums and not a hint of some sort of axe to grind. And this thread is started exactly where it should be--in the Alternatives subforum.

Maybe! I am also here a lot and recognize the participants for the most part. I don't think I have ever seen him participate in a discussion in the section.

 

[ABC5S]

I refuse to believe anything coming from Fox "news".

It's not from Fox. This time its from a guest on the show. Its on some other networks as well. I like FOX business news. FOX is rated at the top or near the top for a number of years.


http://money.cnn.com/2015/06/17/technology/samsung-galaxy-hack/



http://www.independent.co.uk/life-s...-hackers-easily-snoop-on-phones-10325574.html



http://abcnews.go.com/Technology/samsung-working-fix-galaxy-security-vulnerability/story?id=31865272

 

[I7guy]

Certainly scary looking scenario but how does this in any way have anything to do with the OP Jamezr? Neither the OP, the thread title, nor the linked article make any mention of Apple, OS X, or iOS.

I'm sorry but it's posts like these that tend to immediately start bickering flame wars.

No matter what, this is a bad day for security but I'm waiting to see the real impact....not the theoretical impact.

 

[I7guy]

It has everything to do with the OP. He never posts here in this section. It seems like another one of those Apple fan wants to post something negative in the Alternative section and do a "hit and run". They typical post something negative about Android or Samsung specifically to stir up Android fans and then desert the thread they created in the first place.

You do know you can decline to answer and ignore those posts that you believe the poster is doing a "hit and run".

 

[jamezr]

You do know you can decline to answer and ignore those posts that you believe the poster is doing a "hit and run".

No did not know that! Thank you for pointing out that to me. Geesh..... You would think an very obvious solution like that would have crossed my mind. /s

 

[I7guy]

No did not know that! Thank you for pointing out that to me. Geesh..... You would think an very obvious solution like that would have crossed my mind. /s

Your welcome. /s

 

[roland.g]

not sure why this is in the iphone section.

For the same reason that every Samsung commercial seems to be discussing iPhones.

 

[LIVEFRMNYC]

The guy is talking like he thinks they installed a physical keyboard at the factory.

And the women "There's not a lot we have information on". Really, then why are you speaking?

 

[mi7chy]

Only the clueless seem to be making a big fuss about this. If you're on carrier data or private WIFI which cover most of the use it's a non-issue. If you're on public WIFI you should be using VPN because you're vulnerable to MITM regardless of swiftkey. Unlike Apple's Fappening that actually happened this is theoretical with very low exposure.

 

[maflynn]

[MOD NOTE]
If someone wants to discuss the merits of Fox News please take it to the PRSI forum. I've removed a large number of posts that have nothing to do with with topic. Please stay on topic

 

[lowendlinux]

It has everything to do with the OP. He never posts here in this section. It seems like another one of those Apple fan wants to post something negative in the Alternative section and do a "hit and run". They typical post something negative about Android or Samsung specifically to stir up Android fans and then desert the thread they created in the first place.

He hangs out quite a bit in community and seems to be a good dude. I believe he's also older i.e. in his 60's so I don't think it's hit and run. Second if he is/was what his avi indicates then he really isn't into hit and run stuff. I read is as a FYSA type thing

 

[grkm3]

He hangs out quite a bit in community and seems to be a good dude. I believe he's also older i.e. in his 60's so I don't think it's hit and run. Second if he is/was what his avi indicates then he really isn't into hit and run stuff. I read is as a FYSA type thing

Then why not stick around and discuss the issue? Seems like he's spot on and was a hit and run thread to diss Samsung and bounce.

Not one post after first grand slam opening.

I'll try and not use a local open network and install a Chinese language pack though thanks for the heads up.

I have better odds winning the powerball then getting my phone hacked by this

 

[JamesMike]

Then why not stick around and discuss the issue? Seems like he's spot on and was a hit and run thread to diss Samsung and bounce.

Not one post after first grand slam opening.

I'll try and not use a local open network and install a Chinese language pack though thanks for the heads up.

I have better odds winning the powerball then getting my phone hacked by this

It was not a hit and run. I love my Samsung Galaxy S5. It was just to inform people of the situation.

 

[HiDEF]

Delete. Wrong thread.