Last week, NowSecure security researchers revealed that nearly 600m Samsung mobile devices are vulnerable to a type of MitM attack.
Samsung devices have a virtual keyboard that automatically updates its language package. Even if you don't use the default keyboard on your Samsung device, this keyboard will still update itself.
This update can be hijacked by an attacker who is positioned on the same network to upload any malicious software they want. This could be a malicious payload like Netcat or a Metasploit payload that would give the attacker complete control over the Samsung device. The attacker could then download photos, text messages, email, etc. or take control of the microphone or camera on the device.
This is very similar to the EvilGrade attack I demonstrated here. In this attack, we hijacked the software upgrade of Notepad++ and installed our own malicious software that gives of control of the system. In addition, the NSA has used this technique in activating and upgrading Stuxnet and some of their other malicious espionage software.
The Samsung keyboard upgrade has at least two key issues in its upgrade process. First, it fails to encrypt the upgrade process making it rather easy for the attacker to identify and intercept the upgrade process. Second, the updates are given root privileges, meaning that the attacker who installs malicious software on these devices immediately has all privileges on the device.
As of yet, no one has developed a tool to exploit this vulnerability and Samsung has not yet patched it. Exploiting this vulnerability won't be easy, as it would require a MitM attack waiting for the keyboard to update its language package and then replace it with malicious software. Given the number of vulnerable devices, though, I'm sure someone will have an exploit out soon!
Just updated your iPhone? You'll find new features for TV, Messages, News, and Shortcuts, as well as important bug fixes and security patches. Find out what's new and changed on your iPhone with the iOS 17.6 update.
4 Comments
Whohoo! MitM! :)
Wow ... Its just amazing how the exploit is been triggered.
Just incredible.
All what an attacker needs is to be on the same network and intercept the request and replace it. How can SAMSUNG be this irresponsible ?
I first though it was some kinda of Overflow, after I saw netcat at the beginning of this I thought that it caused a telnet server to open, now I am just amazed how easy this was overall...
http://thehackernews.com/
Share Your Thoughts