CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS
Percentile
79.3%
Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, fail to properly validate Swiftkey language pack updates.
CWE-345**: Insufficient Verification of Data Authenticity -**CVE-2015-4640
Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, are pre-installed with a version of SwiftKey keyboard that is signed by Samsung to operate with system privileges. By design, SwiftKey periodically checks for language pack updates over HTTP (CVE-2015-4640). By intercepting such requests and modifying the necessary fields, an attacker can write arbitrary data to vulnerable devices.
SwiftKey has stated that the “vulnerability is unrelated to and does not affect our SwiftKey consumer apps on Google Play and the Apple App Store.”
A remote, unauthenticated attacker conducting a man-in-the-middle attack may be able to write arbitrary data to vulnerable devices checking for updates. Based on the frequency of SwiftKey update checks, which “appears to be every 8 hours” according to NowSecure researchers, such an attack may have a low likelihood of occurring.
Apply an update
Samsung has provided a firmware update to cell phone carriers for distribution to affected users. If your cell phone carrier has not provided the over-the-air update, consider the following workaround:
Avoid untrusted networks
Avoid using untrusted networks, including public WiFi. Using your device on an untrusted network increases the chance of falling victim to a MITM attack.
155412
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: March 02, 2015 Updated: June 16, 2015
Statement Date: March 07, 2015
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, are affected by this vulnerability.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23155412 Feedback>).
Group | Score | Vector |
---|---|---|
Base | 5.7 | AV:A/AC:M/Au:N/C:N/I:C/A:N |
Temporal | 4.5 | E:POC/RL:OF/RC:C |
Environmental | 4.5 | CDP:N/TD:H/CR:ND/IR:ND/AR:ND |
Thanks to Ryan Welton and Ted Eull of NowSecure for reporting this vulnerability.
This document was written by Joel Land.
CVE IDs: | CVE-2015-4640, CVE-2015-4641 |
---|---|
Date Public: | 2015-06-16 Date First Published: |
arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/
cwe.mitre.org/data/definitions/300.html
global.samsungtomorrow.com/information-regarding-the-keyboard-security-issue-and-our-device-policy-update/
swiftkey.com/en/blog/samsung-keyboard-security-vulnerability-swiftkey/
www.blackhat.com/ldn-15/summit.html#abusing-android-apps-and-gaining-remote-code-execution
www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/
www.nowsecure.com/blog/2015/06/23/on-detecting-and-preventing-the-samsung-ime-keyboard-swiftkey-language-pack-update-vulnerability/