Header Banner
Null Byte Logo
Null Byte
wonderhowto.mark.png
Cyber Weapons Lab Forum Metasploit Basics Facebook Hacks Password Cracking Top Wi-Fi Adapters Wi-Fi Hacking Linux Basics Mr. Robot Hacks Hack Like a Pro Forensics Recon Social Engineering Networking Basics Antivirus Evasion Spy Tactics MitM Advice from a Hacker

Samsung Keyboard Vulnerability Exposes 600M Mobile Devices!

Smartphone displaying a messaging app keyboard.

Last week, NowSecure security researchers revealed that nearly 600m Samsung mobile devices are vulnerable to a type of MitM attack.

Samsung devices have a virtual keyboard that automatically updates its language package. Even if you don't use the default keyboard on your Samsung device, this keyboard will still update itself.

This update can be hijacked by an attacker who is positioned on the same network to upload any malicious software they want. This could be a malicious payload like Netcat or a Metasploit payload that would give the attacker complete control over the Samsung device. The attacker could then download photos, text messages, email, etc. or take control of the microphone or camera on the device.

Smartphone keyboard displaying text related to hacking.

This is very similar to the EvilGrade attack I demonstrated here. In this attack, we hijacked the software upgrade of Notepad++ and installed our own malicious software that gives of control of the system. In addition, the NSA has used this technique in activating and upgrading Stuxnet and some of their other malicious espionage software.

The Samsung keyboard upgrade has at least two key issues in its upgrade process. First, it fails to encrypt the upgrade process making it rather easy for the attacker to identify and intercept the upgrade process. Second, the updates are given root privileges, meaning that the attacker who installs malicious software on these devices immediately has all privileges on the device.

As of yet, no one has developed a tool to exploit this vulnerability and Samsung has not yet patched it. Exploiting this vulnerability won't be easy, as it would require a MitM attack waiting for the keyboard to update its language package and then replace it with malicious software. Given the number of vulnerable devices, though, I'm sure someone will have an exploit out soon!

Apple's iOS 26 and iPadOS 26 updates are packed with new features, and you can try them before almost everyone else. First, check Gadget Hacks' list of supported iPhone and iPad models, then follow the step-by-step guide to install the iOS/iPadOS 26 beta — no paid developer account required.

Related Articles

Comments

No Comments Exist

Be the first, drop a comment!