Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samsung Fixes Cellphone Keyboard Vulnerability

Posted by Soulskill on from the squeaky-keys-get-the-grease dept.

An anonymous reader writes: Several days ago, news broke that Samsung's keyboard software on their Galaxy series of cell phones had a glaring security issue that left 600 million devices vulnerable to attackers. The company has now fixed the flaw internally, and is making plans to roll out security updates to affected devices. They say the likelihood of an actual attack is low, because a particular set of conditions need to be met before any damage could be done.

41 comments

  1. Fuck by binarylarry · · Score: 3, Insightful

    I hate these god damn layout changes.

    Fuck you idiots at Dice!

    --
    Mod me down, my New Earth Global Warmingist friends!
    1. Re:Fuck by Anonymous Coward · · Score: 0

      I hate these god damn layout changes.

      Fuck you idiots at Dice!

      Beta is being slowly brought back. Oh, and it should be "fuck you idiots at DHI!".

    2. Re:Fuck by Anonymous Coward · · Score: 0

      Thank you for your interest in joining the Gay Wigger Association of DICE* (GayWAD)! GayWADs worldwide are happy that you'd like to become part of our

      constantly enlarging member ship (come sail away 8======D~)

      Unlike other geek fraternities that you might have heard about, GayWAD accepts members of all races, creeds, and colors. We don't even have a technical inclination requirement. As our founders stated in the Annals of GayWAD, Chapter 1: "You don't have to be a geek, as long as you like it Greek." They were, of course, referring to the penis in anus style of sexual relations. Don't despair, as attaining full fabulous lifetime status in GayWAD is easy. The only prerequisites for membership in Gay Wigger Association of DICE* are that you meet all of the following conditions:

      1. 1. Ownership of penis, anus, or both

      To submit your Gay Wigger Association of DICE* Membership Application, simply do nothing. Congratulations, you're now a GayWAD!

      If you require a specific membership number for purposes such as framing, docking, or prestigious inclusion upon your business cards and resume, please take down this number: 69.

      Optionally, you may complete the following survey by replying to this post, indicating affirmative responses with an X in each appropriate box:

      GayWAD Membership Survey (OPTIONAL)

      [ ] I am gay
      [ ] I am a wigger
      [ ] I have used VIDEO BYTES to find a sex partner

      After completion of this optional survey, your Slashdot post ID shall serve as your unique Gay Wigger Association of DICE* membership ID.

      Your GayWAD membership kit** is on its way.

      * GayWAD is neither affiliated with nor endorsed by DICE.COM.

      ** GayWAD membership kit no longer includes HIV self-test catheter.

    3. Re:Fuck by periodic · · Score: 1

      I hate them as well

      Who the **** is going to share a summary of a story on slslashdot when you can share the sorry itself.

      Also an advise, many slashdot readers are programmers, we despise anything that occupies screen space for no reason, we are used to parse screens mostly full of text.

      Du you want inspiration for a design language that appeals to us? Then i offer you this advise, free of charge even: take a look at emacs, vi, or the Linux command prompt.

    4. Re: Fuck by binarylarry · · Score: 2

      Also these paid advertisements are getting out of hand.

      --
      Mod me down, my New Earth Global Warmingist friends!
    5. Re:Fuck by Anonymous Coward · · Score: 0

      Who the **** is going to share a summary of a story on slslashdot when you can share the sorry itself.

      Probably the same people who submit a blog summary of an article instead of linking to the article itself.

  2. Dice ruins Slashdot by Anonymous Coward · · Score: 0

    What else is new

  3. 600 Million Devices! by cold+fjord · · Score: 1

    What a staggering lot of Linux driven devices in consumer hands. Mind boggling.

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    1. Re:600 Million Devices! by Anonymous Coward · · Score: 0

      It's no wonder the NSA can easily listen to everyone's phone calls and hack into all the cellphones...

  4. Hate the layout! by Anonymous Coward · · Score: 0

    Not liking the new layout. I want my old slashdot back.

    I miss having applications that only updated when YOU wanted it....

    I hate the forced upgrades with the web, 95% are not wanted.

    1. Re:Hate the layout! by Krojack · · Score: 2

      Make your own site and pull the data via rss

    2. Re:Hate the layout! by sims+2 · · Score: 1

      Tell me about it the security alarms company i use recently redesigned their website before it had a pricelist for anything you might want done now it says:

      "Our pricing varies depending on what your individual needs are and everyone has different needs. You can email or call us any time for prices."

      Like the websites that want me to call for a quote when i'm trying to determine if something is a $5 or $5000 item.

      How much does a tactical folding ladder cost? I still don't know

      --
      Minimum threshold fixed. Thanks!
    3. Re:Hate the layout! by Anonymous Coward · · Score: 0

      It would be too much work.

  5. Android still sucks anyways? by Anonymous Coward · · Score: 0

    Before I gave up on Android, I would always use Google keyboard. I used to want to use a bluetooth keyboard with my S4 but everytime i paired / unpaired the keyboard with my phone the default keyboard would get changed back to Samsungs. I always thought Samsung's keyboard sucked and could only stand using Google keyboard. Eventually that and various other moronic Android or Samsung glitches/bugs made me give up and move to iOS. That was an S4, can anyone tell me does Android still suck majorly Windows-style nowadays? Android is shit IMO

    1. Re:Android still sucks anyways? by Krojack · · Score: 2

      Those are not ASOP Android problems, they are Samsung's modified Android problems with Samsung's software.

    2. Re: Android still sucks anyways? by Anonymous Coward · · Score: 0

      I wouldn't say it sucks. Been running CyanogenMod on my aging S2 for ages and personally am extremely happy with it. My next upgrade will be to move to a 4g enabled phone running CyanogenMod. But YMMV as they say.

    3. Re: Android still sucks anyways? by Anonymous Coward · · Score: 0

      Tell us what you really think. Suck it up there butterball.

    4. Re: Android still sucks anyways? by Anonymous Coward · · Score: 0

      Samsung bastardizes android and if you're too stupid to tell the difference... Well... Go buy an iPhag.

    5. Re: Android still sucks anyways? by Anonymous Coward · · Score: 0

      Indeed. I'm going to solve the problem in the future by not buying Samsung products. It's nice having split screen but Android is going to get that before too long anyways. Having S-voice pop up if I press the button wrong and being unable to use more than one language without it interfering with the keyboard is ridiculous. There's no valid reason for being prevented from downloading other languages to the phone through official means.

  6. wtf dice!!! by Anonymous Coward · · Score: 0

    please help me understand: exactly what makes you periodically think these layout changes are welcome?

    1. Re: wtf dice!!! by Anonymous Coward · · Score: 0

      It's monsoon season in Mumbai

  7. Maybe they will finally fix by Anonymous Coward · · Score: 0

    The shortcut for .co.us, .or.us, and .go.us.

    But most likely not.

    --sf

    1. Re:Maybe they will finally fix by Anonymous Coward · · Score: 0

      What's that? Have you told them about that problem?

  8. Whiners and trolls by msobkow · · Score: 0, Troll

    I notice all the whiners and trolls bitching about the layout changes are Anonymous Cowards.

    Somehow it figures that people so lazy that they can't be bothered registering an account would also be the first to complain.

    You're always welcome to just fuck off and go elsewhere to whimper on the internet, you know? Try Facebook -- they seem to love pathetic whiners and drama queens like you.

    --
    I do not fail; I succeed at finding out what does not work.
    1. Re:Whiners and trolls by buckfeta2014 · · Score: 1

      boo hoo.

      --
      Buck Feta. You know what to do.
    2. Re:Whiners and trolls by Anonymous Coward · · Score: 0

      *gasp* yet people with mod points are modding them up to 5 rather frequently

    3. Re: Whiners and trolls by Anonymous Coward · · Score: 0

      Funny thing about the ACs, you want ad revenue? Clicks are probably not going to happen from logged in accounts.

    4. Re:Whiners and trolls by MobileTatsu-NJG · · Score: 1

      Maybe they want to complain without getting an off-topic karma hit.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  9. Life *is* change by msobkow · · Score: 1

    Life is change. Stop whining and get over it, or write your own stagnant website that never adapts itself to any new technology. Maybe you could even write it in COBOL, just for giggles. :P

    --
    I do not fail; I succeed at finding out what does not work.
    1. Re:Life *is* change by Anonymous Coward · · Score: 0

      If you think change for the sake of change is good, you'll be shitting your pants for what North Korea could offer you!

    2. Re:Life *is* change by Anonymous Coward · · Score: 0

      But life should be 'change for the better'. I would say that your tagline is more accurate if it weren't for the fact that beta got squashed.

      If one were to take the view that the issues are a result of a culture mismatch between the new company and slashdot, how else, other than some degree of protest, would you expect a match to be achieved?

      But keep up the person abuse and denigration, it works wonders for social cohesion and progress. In the end you'll be on a site with other people who think its alright to tell others to shut and fuck off as normal modes of discussion and debate and no one else. Then you may find that you'll only have the summaries and adverts to read.

      Is there a night class you and all the systemd people go to to learn this approach that I missed?

      Posting AC because I can not because I'm not registered/lazy or any other reason.

  10. Too bad it won't work... by Anonymous Coward · · Score: 0

    Because those updates need to go through the carriers.. and lord knows they will not provide updates to people using "outdated" devices... even if they use the latest S6, the carriers will just turn a blind eye and not update it. That's why manufacturers need to put in an Update option in their phones already, which links directly to a server owned by the manufacturer(or google), instead of relying on the OTA updates that will never come.

    1. Re:Too bad it won't work... by bjwest · · Score: 2

      Or hold the carriers legally responsible for breaches when they don't pass the update through. Or, better yet, the FCC should hold them financially responsible and fine them for not passing a security update on to the devise, regardless of age.

      --

      --- Keep the choice with the user..
    2. Re: Too bad it won't work... by Anonymous Coward · · Score: 0

      Then Sprint will probably arbitrarily cut back on warranties again our threaten to raise prices for people who pay them a lot of money and actually want to use what they pay for.

      Threats like that seem to be the new CEOs immature response to dealing with actually being held accountable for actions.

      Of course it's not just Sprint. Anybody notice how corporations whine and squeal about the tiny bits of accountability being demanded of them?

    3. Re: Too bad it won't work... by Anonymous Coward · · Score: 0

      Oh yeah, give the NSA a new list of intermediaries to impersonate...

      If Samsung can't get permissions right in their software you want hardware encoded update servers?

  11. Re:Transcript of a recent meeting at Dice HQ: by Anonymous Coward · · Score: 0

    Transcript of a recent meeting at Dice HQ:

    Boss: What the hell? Slashdot's revenue dropped again? What happened?

    Middle management #1: That is strange, our beta design was supposed to increase traffic.

    Middle management #2: Yeah strange right? We spent weeks making sure the beta was difficult to use as hell, then we shove it down the user's throat, how could our traffic tank after that? HOW?

    Middle management #3: It can't be our fault, my 3 year old son was playing with beta before the launch and he absolutely loved it, he just learned how to use a mouse and he was clicking around rapidly, he was so excited by the design he even clicked on the ads, if everyone did that our views and revenue should have tripled by now.

    Boss: Well we got to do something, any ideas?

    Middle management #1: Hmmm... well I heard there is something call 'social media', I haven't looked at it yet but it looks like people love sharing things on it, maybe we can use that?

    Middle management #2: Yeah I heard about that too, my daughter said she uses it to share elmo photos.

    Middle management #3: Oh I got an idea! Let's put a bunch of social media share link on the site!

    Middle management #1: Sounds good to me, but if everyone is already doing it we need to do something a little different.

    Middle management #2: How about... Oh I know, let's remove the most useful and popular 'read more' link, and replace it with a bunch of share links. I swear the users are so fucking stupid they won't be able to tell the difference.

    Middle management #3: Yeah! Those geeks, they don't know much about computers, they are just going to click on the same place over and over again, and come back for more!

    Boss: Geek site for retards? That is fucking brilliant! Let's do it!

  12. Mod parent up please! by Anonymous Coward · · Score: 0

    nt

    1. Re:Mod parent up please! by Anonymous Coward · · Score: 0

      no.

    2. Re:Mod parent up please! by Anonymous Coward · · Score: 0

      yes plox, Interesting +1!

      I, for one, welcome our new GayWAD overlords!

  13. Carriers by Anonymous Coward · · Score: 0

    Most users will never receive the fix since carriers must approve them.

  14. Am I Misunderstanding? by Anonymous Coward · · Score: 0

    Am I misunderstanding, that this "hack" requires, not only that the attacker be on the local subnet(Wifi), but that the user must also initiate an update. SO, it really is a highly unlikely attack.

    But, insanely, Samsung's statement, linked above, recommends that people change their phone's settings to automatically accept updates! This makes your vulnerability FAR greater in my opinion. It opens you up to not only this attack, but future ones as well.

    Am I misunderstanding this, or is this a WTF moment?