If you have a Samsung or Apple product, listen up. Vulnerabilities in your device could allow hackers to steal your passwords, data or even take control of your phone.
Two separate reports claim that the two dominant devicemakers have serious vulnerabilities that could have dangerous repercussions for consumers.
A newly released report from a group of security researchers found a vulnerability in Apple’s desktop and mobile operating system, which could allow hackers to bypass security checks and steal passwords and other critical app data.
https://youtu.be/IYZkAIIzsIo
Another report said that hackers can spy on everything that Samsung Galaxy owners are doing. They can even watch you through your camera phone or listen to you through your microphone on more than 600 million devices according to NowSecure. Other frightening capabilities include reading incoming and outgoing texts and installing apps.
The Samsung hack exploits an IME keyboard flaw by repackaging a version of SwiftKey that asks users periodically to update their server. The report claims hackers can easily step into that process, pretending to be the server and send malicious code.
Researchers hacking the Apple devices exploited the way that apps communicate with each other to “steal such confidential information as the passwords for iCloud, e-mail and bank, and the secret token of Evernote.”
Lead researcher, Luyi Xing’s team was able to “gain unauthorized access to other apps’ sensitive data such as passwords and tokens from iCloud, Mail app and all Web passwords stored by Google Chrome.”
Researchers found more than 88.6% of Apple devices were completely exposed to the vulnerability
As for the Samsung devices, usually there are protections against “man in the middle hacks,” but Samsung has given its software special permission in the updating process that allows hackers to penetrate protections designed to stop third parties from gaining access to the phones.
“We supply Samsung with the core technology that powers the word predictions in their keyboard,” SwiftKey said. “It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability. We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this obscure but important security issue.”
It appears the Samsung hacks are specific to the Samsung Galaxy S6, the S6 Edge and Galaxy S4 Mini. Other Android devices have not been found to have the same vulnerabilities.
Samsung has reportedly provided a patch to mobile network operators that allows them to push updates out themselves, but it is unclear if anyone has used it yet. Samsung says it will make upgrades to its Knox security software in the next few days.
