back to article How to hijack MILLIONS of Samsung mobes with man-in-the-middle diddle

Samsung smartphones can be hijacked, infected with malware, and remotely controlled by malicious Wi-Fi hotspots in cafes, hotels, and so on, security researchers claim. According to the bods at NowSecure, millions of handsets have a remote-code execution vulnerability that is a software design flaw. One workaround is to avoid …

  1. Syntax Error

    Android the "open source" OS. Samsung are amazing.

    1. Anonymous Coward
      Anonymous Coward

      To be fair this is an example of the extra OEM crap that vendors add being bad news.

      When dumb shit like this goes on it makes people like Google think about locking down the system more,

      1. Anonymous Coward
        Anonymous Coward

        The problem is if they lock it down too much, some OEMs might start forking Android and the user experience for the typical buyer gets worse.

      2. Ian Joyner Bronze badge

        It's easy - mobile devices are end-user devices. They should be locked down. Apple gets this right.

        If you want to program to your hearts content, buy a general-purpose computer. That's what I do if I want to program at that level. I have programmed at that level and even lower:

        http://www.textfiles.com/bitsavers/pdf/burroughs/B1700/MIL_MicroImplementationLang.pdf

        I don't need to program a specific-purpose device for that thrill. The only people that want that level of control are malicious hackers.

  2. psyvenrix
    Mushroom

    frame the issue

    as an easy way to root a samsung android device. that would be more likely to make samsung patch it - 'people being insecure? who cares' vs 'people being able to strip our valued partners value add bundled apps? - HALT EVERYTHING UNTIL THIS IS FIXED!'.

    Pity this is a race between malicious users and the owner to use this exploit, either for good or for evil.

    1. Charles 9 Silver badge

      Re: frame the issue

      Except they probably won't update the 4 or 5. They'll just declare those EOL an their users SOL unless they change over to the 6.

      In any event, if you're rooted and can edit the hosts file, can you pothole the update domain?

      1. Hans 1

        Re: frame the issue

        You can also have the phone download a zip file with an appropriate hosts file, no need to root ... all you need is a DNS server on your wifi network and a web server....

        1. g e

          Re: frame the issue

          Just block the domain on your home router?

          Not much use for elsewhere, but a small help.

          1. Charles 9 Silver badge

            Re: frame the issue

            "Just block the domain on your home router?"

            Doesn't make sense to block it on the home router. At least YOU have control over it (and if it's pwned, you're screwed anyway since they can poison the DNS lookups).

            No, it's best to edit it on the device itself so it doesn't matter where it goes. Since local lookup takes precedence over DNS, editing the hosts file trumps poisoned DNS. Only a direct IP number can beat that, and blocking the update route catch-22's that.

      2. Ken Hagan Gold badge

        Re: frame the issue

        "Except they probably won't update the 4 or 5. They'll just declare those EOL an their users SOL unless they change over to the 6."

        At least in the UK, I'm pretty sure you can't declare EOL for a device that you are still selling.

        But, no, I don't expect them to update anything until a court rules (generally, I'm not picking on Samsung here) that a mobile phone *has* to get security updates for at least 5 years after it is finally withdrawn from sale because it isn't fit for purpose unless you can safely connect it to the network.

        1. Charles 9 Silver badge

          Re: frame the issue

          "At least in the UK, I'm pretty sure you can't declare EOL for a device that you are still selling."

          They'll just stop selling them, period. No longer a problem. And they'll argue that since they're no longer selling it, they can't be expected to continue defending them against essentially moving targets: caveat emptor.

  3. Pascal Monett Silver badge

    Wait a minute

    "The update process runs with system-level access. It unpacks the ZIP file without checking the paths of the files inside, and with full read-write permissions on the device's file system."

    Um, is there a "malicious file" that uninstalls all the bloody crap that Samsung throws in on top of the stuff I need ?

    Because if that's the case, tell me where to go and I'm there.

    1. Charles 9 Silver badge

      Re: Wait a minute

      No, because all that crud is part and parcel with actually-useful stuff...like Wi-Fi Calling. Trust me, I'd blow TouchWiz in a heartbeat...except for THAT, which is pretty damn essential when abroad.

  4. DryBones
    Pint

    Whee

    *pats his Nexus 5*

  5. jdoe.700101

    Licking their lips

    If the North Koreans don't already know about this, they certainly do now, and must be licking their lips at the thought of controlling 46% of their brothers phones. http://pocketnow.com/2015/01/22/apple-samsung-market-share-korea

  6. Anonymous Coward
    Anonymous Coward

    The Fix

    Use the vulnerability to modify the device's hosts file pointing skslm.swiftkey.net to 127.0.0.1?

    1. Michael Wojcik Silver badge

      Re: The Fix

      Out of curiosity (my phone isn't one of the ones mentioned, and doesn't appear to have Swiftkey), I tried adding that to /etc/hosts using Terminal - my phone's rooted - but the root filesystem is mounted read-only, so I couldn't change it directly using the shell.

      Haven't bothered trying to remount the filesystem or anything like that. I haven't spent any time learning about Android hacking; one of those things I might get into if I ever have any spare time. (I have Terminal installed because a computing device without a command line makes Baby Jesus cry.)

      1. Charles 9 Silver badge

        Re: The Fix

        That's how you do it. You remount the /etc directory Read/Write, edit the hosts entry, then remount it Read-Only again. That's how programs like AdAway work.

  7. eitancaspi

    This issue can be solved using a simple workaround if the device is rooted - see here:

    http://fudie.net/how-to-protect-yourself-from-the-samsung-keyboard-vulnerability-in-android-devices/

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022