Samsung Cellphone Keyboard Software Vulnerable To Attack

Adesso writes: A serious security problem in the default Samsung keyboard installed on many of the company's cellphones has been lurking since December 2014 (CVE-2015-2865). When the phone tries to update the keyboard, it fails to encrypt the executable file. This means attackers on the same network can replace the update file with a malicious one of their own. Affected devices include the Galaxy S6, S5, S4, and S4 mini — roughly 600 million of which are in use. There's no known fix at the moment, aside from avoiding insecure Wi-Fi networks or switching phones. The researcher who presented these findings at the Blackhat security conference says Samsung has provided a patch to carriers, but he can't find out if any of them have applied the patch. The bug is currently still active on the devices he tested.

Re:That's stupid

[johnlcallaway]

So .. you prefer to pay too much for a phone with few choices simply because you don't have the ability to keep off of unsecured or untrusted WiFi networks? Which you shouldn't be connecting to anyway because there are far greater risks associated with that practice.

I never allow my phone to connect to any WiFi network I don't trust, that's just stupid. And it never downloads updates unless it's on WiFi. So that pretty much leaves only updating my phone at work or at home.

But then again, I have skills.

Yawn .. just another article Apple iDrones will point to and try to justify their overpayment of a limited product. I mean, they just got a watch. At least .. some of them did. I wonder when they will have the ability to use more than one app at the same time. I love being able to pull up Google maps in a second window while I'm also surfing using Chrome. Or pull up Evernote and jot something down. Great capability .. maybe someday the used-to-be-innovative Apple will figure out how to do windows.