Home Mail MemberMap Chat (0) Wallpapers
Go Back   ChiefsPlanet > The Lounge > Media Center

Reply
 
Thread Tools Display Modes
Old 06-18-2015, 09:37 AM  
Lzen Lzen is online now
Stop!
 
Lzen's Avatar
 
Join Date: Feb 2001
Location: Earth
Casino cash: $18138
600 Million Samsung Galaxy Phones Exposed To Hackers




Updated: Thu 7:01 AM, Jun 18, 2015


By: Jose Pagliery; Nick Viviani








[IMG]http://media.graytvinc.com/images/353*182/samsung20.jpg[/IMG] Both phones are made of aluminum and glass instead of plastic.




NEW YORK (CNNMoney) -- Every Samsung Galaxy device -- from the S3 to the latest S6 -- has a significant flaw that lets in hackers, researchers have discovered.
The vulnerability lives in the phones' keyboard software, which can't be deleted. The flaw potentially allows hackers to spy on anyone using a Samsung Galaxy phone.
You can be exposed by using public or insecure Wi-Fi. But some researchers think users are exposed even on cell phone networks.
Researchers at NowSecure, a cybersecurity firm, say they told Samsung about the vulnerability in November. Seven months later, nothing has been fixed. That's why NowSecure made its findings public on Tuesday.
How serious is this problem? NowSecure CEO Andrew Hoog said that, on a well-established system that ranks cybersecurity problems from 1 to 10, this vulnerability stood at 8.3.
NowSecure said it tested several Galaxy models on many different cell phone carriers. All were vulnerable. Assuming every Galaxy out there is the same, NowSecure estimates 600 million devices are affected.
The problem involves the word prediction software used by Samsung devices. It's made by British tech firm SwiftKey, which Samsung installs in devices at the factory.
Last year, NowSecure researchers discovered that the SwiftKey keyboard can be tricked to accept a malicious file when the software updates. Because of the way the keyboard is installed, that virus can access some of the deepest, core parts of the phone's computer system.
With that level of access, a hacker can then do pretty much anything to your phone.
This hack isn't easy. But it's a tactic for cyberattackers on a mission with lots of money and access WiFi or cell networks. One possible target? Company executives traveling to countries, such as China, where the government routinely spies on visitors to steal their business plans.
It also exposes high-level U.S. government officials. Samsung just earned the NSA's blessing for its Galaxy devices, which were approved for use by government employees. And the latest hack of federal employees -- allegedly by the Chinese government -- shows they are valuable targets.
Neither Samsung nor SwiftKey have claimed responsibility for inserting the flawed computer code. In a public statement, SwiftKey said it only found out about the flaw on Tuesday. SwiftKey said "the way this technology was integrated on Samsung devices introduced the security vulnerability."
To calm down worried users, the British firm argued that this hack isn't easy to pull off. It involves particular timing. A hacker can only sneak into a device when the keyboard software is applying a software update.
In a statement to reporters, Samsung said it "takes emerging security threats very seriously... and [is] committed to providing the latest in mobile security."
The company also said it's about to patch the issue through its Samsung KNOX service. "Updates will begin rolling out in a few days," the company said, although it's unclear whether all devices will receive the fix.
Part of the incredibly long delay to fix this problem is due to the way phone manufacturers work with cell phone carriers like AT&T, Sprint, T-Mobile and Verizon. Samsung could race to create a fix, but people must wait until carriers get around to distributing them.
This fractured system causes frequent complaints from users, who must patiently wait for all new software: everything from new features to patches for dangerous computer bugs.
NowSecure said it notified Samsung in November -- and as evidence of how slow this system is -- on December 31, Samsung asked for a year to fix it.
In its defense, Samsung said cybersecurity researchers at NowSecure didn't fully explain the problem in November.
"We learned about the full extent this past week," Samsung told CNNMoney.
NowSecure advised Samsung Galaxy users to avoid insecure Wi-Fi, ditch their phones, and call their cell phone carriers to pressure them into a quick fix.
Hoog said they made the vulnerability public because the pressure was just too great. The cybersecurity firm had advised companies for half a year, unable to tell them that their employees and managers were are serious risk of being spied on by hackers.
"We needed to inform them about the risk," he told CNNMoney. "It would be naive to think other entities [such as governments and cybermafias] would not be capable of finding this and executing it."
The-CNN-Wire
& 2015 Cable News Network, Inc., a Time Warner Company. All rights reserved.



http://www.wibw.com/home/headlines/6...308073731.html
Posts: 31,361
Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.
  Reply With Quote
Old 06-18-2015, 09:41 AM   #2
Hootie 2.0 Hootie 2.0 is online now
Dude...
 
Hootie 2.0's Avatar
 

Join Date: Jul 2014
Casino cash: $10087128
I don't care if I'm getting spied on ... but does this mean they can steal my passwords?
Posts: 15,571
Hootie 2.0 is too fat/Omaha.Hootie 2.0 is too fat/Omaha.Hootie 2.0 is too fat/Omaha.Hootie 2.0 is too fat/Omaha.Hootie 2.0 is too fat/Omaha.Hootie 2.0 is too fat/Omaha.Hootie 2.0 is too fat/Omaha.Hootie 2.0 is too fat/Omaha.Hootie 2.0 is too fat/Omaha.Hootie 2.0 is too fat/Omaha.Hootie 2.0 is too fat/Omaha.
  Reply With Quote
Old 06-18-2015, 09:43 AM   #3
Lzen Lzen is online now
Stop!
 
Lzen's Avatar
 

Join Date: Feb 2001
Location: Earth
Casino cash: $18138
Quote:
Originally Posted by Hootie 2.0 View Post
I don't care if I'm getting spied on ... but does this mean they can steal my passwords?
I'm thinking yes, they can.
Quote:
With that level of access, a hacker can then do pretty much anything to your phone.
__________________
You can't buy happiness. But you can buy beer. And that's pretty much the same thing.
Posts: 31,361
Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.
  Reply With Quote
Old 06-18-2015, 09:46 AM   #4
Fish Fish is offline
Missing Dick Curl
 
Fish's Avatar
 

Join Date: Sep 2005
Casino cash: $24289
The likelihood of this actually happening to someone is about 900 gazillion to one.
__________________
Posts: 27,709
Fish is obviously part of the inner Circle.Fish is obviously part of the inner Circle.Fish is obviously part of the inner Circle.Fish is obviously part of the inner Circle.Fish is obviously part of the inner Circle.Fish is obviously part of the inner Circle.Fish is obviously part of the inner Circle.Fish is obviously part of the inner Circle.Fish is obviously part of the inner Circle.Fish is obviously part of the inner Circle.Fish is obviously part of the inner Circle.
  Reply With Quote
Old 06-18-2015, 09:53 AM   #5
L.A. Chieffan L.A. Chieffan is offline
PLAY GOOD FOOTBALL
 
L.A. Chieffan's Avatar
 

Join Date: Aug 2006
Location: American Gardens Building
Casino cash: $16997
I use Swype
Posts: 15,927
L.A. Chieffan is blessed with 50/50 Hindsight.L.A. Chieffan is blessed with 50/50 Hindsight.L.A. Chieffan is blessed with 50/50 Hindsight.L.A. Chieffan is blessed with 50/50 Hindsight.L.A. Chieffan is blessed with 50/50 Hindsight.L.A. Chieffan is blessed with 50/50 Hindsight.L.A. Chieffan is blessed with 50/50 Hindsight.L.A. Chieffan is blessed with 50/50 Hindsight.L.A. Chieffan is blessed with 50/50 Hindsight.L.A. Chieffan is blessed with 50/50 Hindsight.L.A. Chieffan is blessed with 50/50 Hindsight.
  Reply With Quote
Old 06-18-2015, 10:33 AM   #6
Lzen Lzen is online now
Stop!
 
Lzen's Avatar
 

Join Date: Feb 2001
Location: Earth
Casino cash: $18138
Quote:
Originally Posted by Fish View Post
The likelihood of this actually happening to someone is about 900 gazillion to one.
Well, maybe a bit better odds than that but yeah. You have to be downloading an update to that auto grammar app while on an insecure network. Then again, if they are correct about it being possible on the mobile network then it might be easier than is being said.
__________________
You can't buy happiness. But you can buy beer. And that's pretty much the same thing.
Posts: 31,361
Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.Lzen is too fat/Omaha.
  Reply With Quote
Old 06-19-2015, 07:40 AM   #7
BigMeatballDave BigMeatballDave is offline
GBM4 8-8-14
 
BigMeatballDave's Avatar
 

Join Date: Aug 2000
Casino cash: $44457
I wonder key if Swiftkey is affected? That's all I use.

I never do any banking or buy stuff over cellular. Only wifi.
Posts: 56,740
BigMeatballDave is obviously part of the inner Circle.BigMeatballDave is obviously part of the inner Circle.BigMeatballDave is obviously part of the inner Circle.BigMeatballDave is obviously part of the inner Circle.BigMeatballDave is obviously part of the inner Circle.BigMeatballDave is obviously part of the inner Circle.BigMeatballDave is obviously part of the inner Circle.BigMeatballDave is obviously part of the inner Circle.BigMeatballDave is obviously part of the inner Circle.BigMeatballDave is obviously part of the inner Circle.BigMeatballDave is obviously part of the inner Circle.
  Reply With Quote
Old 06-20-2015, 03:32 PM   #8
BWillie BWillie is online now
Go Cansays Schitty
 
BWillie's Avatar
 

Join Date: Apr 2006
Location: Harpooning Whales
Casino cash: $37406
What about Samsung Notes?
__________________
Posts: 17,262
BWillie Forgot to Remove His Claytex and Got Toxic Shock Syndrome.BWillie Forgot to Remove His Claytex and Got Toxic Shock Syndrome.BWillie Forgot to Remove His Claytex and Got Toxic Shock Syndrome.BWillie Forgot to Remove His Claytex and Got Toxic Shock Syndrome.BWillie Forgot to Remove His Claytex and Got Toxic Shock Syndrome.BWillie Forgot to Remove His Claytex and Got Toxic Shock Syndrome.BWillie Forgot to Remove His Claytex and Got Toxic Shock Syndrome.BWillie Forgot to Remove His Claytex and Got Toxic Shock Syndrome.BWillie Forgot to Remove His Claytex and Got Toxic Shock Syndrome.BWillie Forgot to Remove His Claytex and Got Toxic Shock Syndrome.BWillie Forgot to Remove His Claytex and Got Toxic Shock Syndrome.
  Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump




All times are GMT -6. The time now is 07:33 AM.


This is a test for a client's site.
A new website that shows member-created construction site listings that need fill or have excess fill. Dirt Monkey @ https://DirtMonkey.net
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2015, vBulletin Solutions, Inc.