The BBRY Café. [Formerly: I support BBRY and I buy shares!]
View Poll Results: Did you buy shares ?
- Voters
- 1129. You may not vote on this poll
-
- OT:
Samsung keyboard bug leaves 600m Android devices exposed to hackers
Vulnerability remains months after discovery, allowing hackers to eavesdrop on calls, steal data and activate camera, microphone and GPS remotely
"A vulnerability in Samsung�s Android keyboard installed on over 600m devices worldwide could allow hackers to take full control of the smartphone or tablet.
The security bug revolves around the update mechanism of the built-in keyboard, which looks for language updates for trending phrases either daily or weekly.
�The keyboard was signed with Samsung�s private signing key and runs in one of the most privileged contexts on the device, system user, which is a notch short of being root,� said researcher Ryan Welton from security company NowSecure who discovered the hole.
The problem was discovered last year. NowSecure told Samsung about the bug in December. Samsung asked NowSecure to keep the discovery under wraps until it could patch the problem. Google�s Android security team was also notified.
However, six months on it is unclear whether the patch is out. Samsung started that process in early 2015, but unlike Apple�s direct model of software updates, is beholden to mobile phone providers to push out updates to their users.
It is unclear whether that has happened and on what scale users have updated their devices.
Users stuck even if they install another keyboard
�Unfortunately, the flawed keyboard app can�t be uninstalled or disabled,� said Welton. �It isn�t easy for the Samsung mobile device user to tell if the carrier has patched the problem with a software update.�
The problem surrounds Samsung�s integration of Swiftkey�s underlying keyboard engine into its own keyboard software. Swiftkey essentially provides the brains for detecting what a user is trying to type and Samsung does the rest producing the completed keyboard and pre-installing it on its devices.
The Guardian understands that the fault lies within Samsung�s code. SwiftKey-based keyboards on other Android devices from other manufacturers, and SwiftKey�s apps from the Google Play Store or for the iPhone are unaffected.
If the Samsung Android device is connected to a malicious Wi-Fi network when the keyboard attempts to update its trending phrases and language pack, a hacker could substitute the update for a backdoor into the phone giving a hacker almost complete access to the phone.
According to NowSecure a hacker could remotely access a smartphone�s sensors, such as GPS, the camera or microphone, eavesdrop on calls or attack sensitive personal data.
�Unfortunately, we were only made aware of the issue on Tuesday,� said Joe Braid, chief marketing officer of SwiftKey. �We are working as hard as possible to support Samsung and help it fix the issue.�
Simply installing another third-party keyboard, including SwiftKey�s full keyboard does not fix the issue, as the Samsung keyboard continues to run in the background.
�There isn�t a whole lot you can do except try to steer clear of networks you don�t trust, where a crook might try to intercept and hack your traffic,� said Paul Ducklin from security company Sophos. �The silver lining, if that�s not too strong a way to describe it, is that a crook can�t exploit this hole just whenever he likes: you have to be on his dodgy network when a [keyboard] update happens, and he has to notice in time to jump in as a man-in-the-middle.�
The number of Samsung devices affected is extensive, but includes the latest Samsung Galaxy S models, including the Galaxy S6, S5 and S4.
A Samsung spokesperson told the Guardian: �Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security.�
�It is important to note that the phone�s core functions (kernel) were not affected by the reported issue due to the protection of the Samsung Knox platform in all S4 models and above.�
�Samsung Knox also has the capability to update the security policy of the phones, over-the-air, to invalidate any remaining potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days.�07-22-15 10:09 AMLike 5 - Any time there is a sell off of a stock and shares drop by 80+%, plenty of traders jump in looking for a bounce due to overselling. SPHS is a perfect example. I took a big hit on that 90% sell off and picked up enough shares at the bottom to erase my losses and make a profit. I hope to do the same with XOMA. I think the market is overreacting and that there is still some value in this company.07-22-15 10:17 AMLike 4
- Hey all, not sure if you seen this posted in another thread..
http://forums.crackberry.com/general...evice-1029901/07-22-15 10:26 AMLike 7 - They just did.
- step one : open wallet
- step two : purchase a trusted and established business who already went through the process of creating said software.
- step three is automatic : value added, increased portfolio capabilities.
Easy peasy.
Posted via CB1007-22-15 10:43 AMLike 12 - When you buy a market leading company you automatically become the market leader.
Acquisitions are great because you know you have a good working product/service. If BlackBerry tried to "do it themselves", they'd have to put down money to build it, AND compete with the other companies out there.
Posted via CB1007-22-15 10:48 AMLike 13 - When you buy a market leading company you automatically become the market leader.
Acquisitions are great because you know you have a good working product/service. If BlackBerry tried to "do it themselves", they'd have to put down money to build it, AND compete with the other companies out there.
Posted via CB1007-22-15 10:51 AMLike 6 - Amber on AtHoc:
BNN - Watch TV Online | BlackBerry boosts security with new acquisition
+ Peter Misek evoking the possibility of a share buyback...
this service/offering is "device agnostic " !!07-22-15 10:55 AMLike 8 - I'll give it a go:
QNX hits again!
Troll!!
Speculations re: Android.
Troll!
Solar impulse a success!
Troll!!
BlackBerry stock stumbles!
Troll awards issued.
BlackBerry sponsored Mercedes Killin' it!
(where's the trolls!?)
M8 the traveller - all is envious.
No tro...? Nevermind. Stock slumps>>> TROOOLLLS!!
Mods come in for cleanup. Cool pic of Good Fellas.
Some misc. Random noise.
More Android speculations.
CrackBerry nation kills another poll.
Current day.
End/.
Q10SQN100-1/10.3.2.2339 | Bell07-22-15 11:41 AMLike 11 - 07-22-15 12:21 PMLike 4
-
With respect, you didn't really address the fellow's reasonable question.
Posted via CB1007-22-15 12:27 PMLike 0 -
- OT from the Related Technologies and Security files, including another of the regular scheduled Apple vulnerabilities::
Researcher unveils new privilege vulnerability in Apple's Mac OS X | ZDNet
http://www.zdnet.com/article/researc...tag=TRE17cfd6107-22-15 12:42 PMLike 9 - 07-22-15 01:53 PMLike 9
-
My problem is I can't wrap my head around where you would put your lips for the re breather hole(?)07-22-15 02:08 PMLike 5 - This buy seems not for obtaining critical technologies but for adding quick revenues. It tends to be over-priced. That is why the stock is down today.
Last edited by pbfan; 07-22-15 at 02:27 PM.
07-22-15 02:14 PMLike 0 -
-
And how you know " it tends to be over-priced" ? I thought the amount was undisclosed. Are you privey on the deal? Don't tell me you based that statement because the sp is down today. What if it is up tomorrow? Then it is under priced.?Last edited by La Emperor; 07-22-15 at 04:59 PM.
07-22-15 02:43 PMLike 12 - Some recent press releases about AtHoc customer wins and partnerships:
The U.S. Department of the Treasury Deploys AtHoc Networked Crisis Communication Solution
Authority to Operate Granted to AtHoc�s Secure Emergency Notification & Personnel Accountability System
The U.S. Department of the Treasury Deploys AtHoc Networked Crisis Communication Solution - AtHoc - Networked Crisis Communication
U.S. Air Force Awards $7.5 Million for AtHoc Networked Crisis Communication Solution
Emergency Mass Notification System by AtHoc Meets Highest Security Requirements
U.S. Air Force Awards $7.5 Million for AtHoc Networked Crisis Communication Solution - AtHoc - Networked Crisis Communication
Department of Energy Awards Enterprise-wide Contract for AtHoc Networked Crisis Communication Solution
Authority-to-Operate Granted for AtHoc Cloud Demonstrates Achieving Highest Security Threshold
Department of Energy Awards Enterprise-wide Contract for AtHoc Networked Crisis Communication Solution - AtHoc - Networked Crisis Communication
AtHoc Announces Networked Crisis Communications for Cisco Unified Communications Manager
Cisco-AtHoc Partnership Brings Secure Enterprise-wide Emergency Notifications Capabilities Using Cisco CallManager Infrastructure
AtHoc Announces Networked Crisis Communications for Cisco Unified Communications Manager - AtHoc - Networked Crisis Communication
AtHoc Announces Partnership with Esri to Bring State-of-the-art Mapping Capabilities to Networked Crisis Communication
Strategic Alliance Gives AtHoc Customers Additional Power to Command Over Incidents Using Robust and Precise Location-based Capabilities
AtHoc Announces Partnership with Esri to Bring State-of-the-art Mapping Capabilities to Networked Crisis Communication - AtHoc - Networked Crisis Communication
AtHoc Partners with Microsoft to Present at Global Smart Cities Event
2015 Asia Pacific Cities Summit and Mayors� Forum Showcases New Models for Smarter, Safer, Connected Cities
AtHoc Partners with Microsoft to Present at Global Smart Cities Event - AtHoc - Networked Crisis Communication07-22-15 02:44 PMLike 21 -
-
"Security" is their claim to fame, and hope they drop a few bombs on this aspect of the business at tomorrow's presentation.
With their acquisitions within the last few years, it is obvious the direction they are taking... and that is, getting deeeeeeeeeper into mobile security products....
A desperate need nowadays since we are becoming more mobile as time goes on...... and it is becoming more and more apparent (for all).
Good timing as a whole for BB and let's hope the SP begins to reflect this......
1 more sleep !07-22-15 03:32 PMLike 13 - OT: I hope they get successful at it.
Herbalife Asks Twitter To Unmask Anonymous Troll - Fortune
Herbalife wants Twitter to unmask troll
by Daniel Roberts
@readDanwrite
July 22, 2015, 2:35 PM EDT
E-mail Tweet Facebook Google Plus Linkedin
Share icons
The controversial company has petitioned Twitter to reveal the identity of an Herbalife critic.
It isn’t the first time someone has said negative things on Twitter about Herbalife, but it may be the first that Herbalife has gone after. More precisely, the publicly traded supplement seller is pressuring Twitter to find out the particular user’s identity.
Herbalife filed a “discovery before suit” petition this week in Illinois court asking Twitter to provide information that would help identify the Twitter user @AfueraHerbaLIES. That user joined the service in January of this year and has tweeted fewer than 2,000 times, exclusively about Herbalife.
The user, who often tweets in Spanish, retweets negative news about Herbalife and accuses the company of endangering lives with toxic materials. The person has also specifically called out Herbalife corporate affairs executive Alan Hoffman, a former chief of staff for Joe Biden. Hoffman gave Reuters this statement: “This is pretty straightforward. We are not going to sit back and let someone make false and defamatory statements about our company.”07-22-15 03:52 PMLike 9 - The other think I like about these acquisitions is how Team BB has been able to control any info leaks until a press release. Kudos to JC
Special Announcement - AtHoc - Networked Crisis Communication07-22-15 03:54 PMLike 15
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
- BBRY
The BBRY Café. [Formerly: I support BBRY and I buy shares!]
Similar Threads
-
The importance of a removable battery.
By krzyabn in forum BlackBerry KEY2Replies: 45Last Post: 04-15-19, 10:12 PM -
Motion support - Vibration no longer working and I need advice!
By bunnyraider in forum BlackBerry MotionReplies: 1Last Post: 04-12-19, 09:42 PM -
Will BlackBerry Launcher ever give us the option to swipe up?
By ikeike859 in forum BlackBerry Android OSReplies: 8Last Post: 04-12-19, 06:27 PM -
In MIXplorer, what is the "archive?"
By RLeeSimon in forum Android AppsReplies: 3Last Post: 04-12-19, 05:00 PM -
Skype Preview brings screen sharing to Android and iOS
By CrackBerry News in forum CrackBerry.com News Discussion & ContestsReplies: 0Last Post: 04-12-19, 01:51 PM
Tags for this Thread
LINK TO POST COPIED TO CLIPBOARD