Category Archives: Samsung

Fingerprint lock in Samsung Galaxy 5 easily defeated by whitehat hackers

The heavily marketed fingerprint sensor in Samsung's new Galaxy 5 smartphone has been defeated by whitehat hackers who were able to gain unfettered access to a PayPal account linked to the handset.

The hack, by researchers at Germany's Security Research Labs, is the latest to show the drawbacks of using fingerprints, iris scans, and other physical characteristics to authenticate an owner's identity to a computing device. While advocates promote biometrics as a safer and easier alternative to passwords, that information is leaked every time a person shops, rides a bus, or eats at a restaurant, giving attackers plenty of opportunity to steal and reuse it. This new exploit comes seven months after a separate team of whitehat hackers bypassed Apple's Touch ID fingerprint scanner less than 48 hours after it first became available.

"We expected we'd be able to spoof the S5's Finger Scanner, but I hoped it would at least be a challenge," Ben Schlabs, a researcher at SRLabs, wrote in an e-mail to Ars. "The S5 Finger Scanner feature offers nothing new except—because of the way it is implemented in this Android device—slightly higher risk than that already posed by previous devices."

Samsung patches store site for account takeover bug

Samsung has fixed a vulnerability on at least one of its Samsung.com sites that allowed attackers to take over the account of a target by creating a lookalike user name. The vulnerability, reported by security researcher Matthew Bryant (who goes by the hacker name "mandatory"), made it possible for someone to create a username using an intended victim’s e-mail address with added trailing spaces. While this created a separate account, the attacker would then be authenticated as the targeted user when going to other subdomains within Samsung.com.

The bug, caused by the way Samsung’s Web applications pruned (or “scrubbed”) extra trailing characters off of account e-mail addresses, affected all of Samsung.com’s subdomains. But according to Bryant, Samsung has now fixed the problem on its e-commerce site—the one with the most sensitive user data.

“If your username was originally ‘admin@samsung.com<SPACE><SPACE>,’” Bryant wrote in a blog post today, “after visiting http://shop.us.samsung.com/ it would be scrubbed to ‘admin@samsung.com’.” While the webpage for creating new accounts prevents adding trailing spaces to user names through form validation, the spaces can be added using an HTTP intercept tool such as the Tamper Data Firefox add-on.
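The inconsistency described above, modeled as an added example (not Samsung's code or Bryant's): signup checks uniqueness on the raw string while another subdomain scrubs trailing spaces before lookup. The `AccountStore` class, its method names, and the `victim@example.com` address are constructed for illustration; the hardened mode canonicalizes and rejects on the server at signup.

```python
# Added illustration: constructed account store, not Samsung's code.

def scrub(email: str) -> str:
    """The normalization step described in the article: drop trailing spaces."""
    return email.rstrip(" ")

class AccountStore:
    def __init__(self, canonicalize_on_signup: bool):
        self.canonicalize_on_signup = canonicalize_on_signup
        self.accounts = {}  # stored username -> account id
        self.next_id = 1

    def register(self, username: str) -> int:
        if self.canonicalize_on_signup and scrub(username) != username:
            # Enforced server-side; client-side form validation can be bypassed.
            raise ValueError("username has trailing spaces")
        if username in self.accounts:
            raise ValueError("username already taken")
        self.accounts[username] = self.next_id
        self.next_id += 1
        return self.accounts[username]

    def login(self, username: str) -> str:
        """Primary site: matches the exact stored name, returns the session identity."""
        if username not in self.accounts:
            raise KeyError("no such account")
        return username

    def subdomain_identity(self, session_username: str) -> int:
        """Other subdomain: scrubs the session name before resolving the account."""
        return self.accounts[scrub(session_username)]

def demo(canonicalize_on_signup: bool) -> str:
    store = AccountStore(canonicalize_on_signup)
    victim_id = store.register("victim@example.com")
    try:
        store.register("victim@example.com  ")  # lookalike with trailing spaces
    except ValueError:
        return "rejected at signup"
    session = store.login("victim@example.com  ")
    resolved = store.subdomain_identity(session)
    return "resolved to victim" if resolved == victim_id else "resolved to own account"

if __name__ == "__main__":
    print("inconsistent scrubbing:", demo(False))
    print("canonical at signup:   ", demo(True))
```

The general fix is to apply one canonicalization function at account creation and reuse it for every later comparison, so no two stored identities can collapse to the same name downstream.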

Developer’s Root Exploit Opens Door to Some Samsung Phones

In the past few days, developers on the XDA-Developers forum have discovered a new root exploit for recent Samsung phones. Normally a root exploit is a good thing for advanced users; they can modify their OS to improve performance, install new and rare apps, or even patch bugs. On the other hand, novice and uninformed users can have their phones targeted by attackers looking to reduce security and steal money or personal data. Malware writers have previously taken exploits written by the legitimate rooting community and repackaged them along with their malware to gain absolute control of a victim’s device.

XDA-Developers member alephzain discovered the vulnerability and created an exploit. A second forum member, Chainfire, packaged the exploit into an app that installed the exploit and rooted vulnerable phones. The app was later modified to disable the vulnerability to prevent an attacker from entering your phone.

Chainfire’s app makes rooting a Samsung phone easier for users.

How the exploit works
The vulnerability involves how the Exynos processor is used on certain Samsung phones (for example, the Galaxy S2). It is possible to access the entirety of physical memory through the OS. Usually this is limited to the root user, but in this case that memory is accessible by any user program.

The exploit uses this physical memory access to patch a system function in memory, bypassing the security and user controls in place. This lets the exploit gain root access on the phone. Once an attacker has root access, the entire phone is open.

Already exploited? Not maliciously
With such an open vulnerability in the wild, one might think that malware authors would be rushing to weaponize the exploit. Fortunately only Chainfire has done so, with this mobile rooting app. Currently knowledgeable phone “modders” can download and install this app to root their phones. And so can attackers, intent on stealing your personal data or money.

To protect against the latter situation, we detect the most recent versions of Chainfire’s tool as Android/ExynosToor.A-B, and alephzain’s exploit as Exploit/ExymemBrk.A.

NFC Payment Test at Olympics Will Inspire Mobile Attackers to Go for the Gold

Visa is testing out its PayWave contactless payment service at the Summer Olympics in London. Every athlete will get a Samsung Galaxy SIII phone enabled with near-field communication (NFC) along with Visa’s payment app. Contactless payments aren’t new, and similar payments by mobile phone have been tested by Google with its Wallet app and other NFC smartphones.

A Samsung Galaxy SIII will be given to every athlete competing at the 2012 Summer Olympics in London.

When we last looked at NFC phones and similar apps, there were questions of whether an attacker could go after the apps or the phone hardware and the Android OS. Since then we have seen a PIN-reset vulnerability that allowed an attacker to use the free prepaid card and the ability to crack PINs on the phone. Google updated the Wallet app to fix those vulnerabilities and make attacks much harder. Now attackers would need to go after the hardware itself, though this does not necessarily involve going after the Secure Element portion. One can get excellent results by targeting the OS and its NFC-handling libraries.

Fuzzing the hardware, which involves feeding corrupt or damaged data to an app to discover vulnerabilities, is a good first step. Researchers Charlie Miller and Collin Mulliner fuzzed SMS messages to great effect to discover exploitable vulnerabilities on Android and iOS phones a few years back. Mulliner has also looked at fuzzing NFC tags, going as far as developing a Python library and framework for testing older devices. Recently he updated his software to measure Android devices, allowing him to inject crafted NFC tags to a phone and then monitor the results. He can programmatically feed crafted or damaged NFC tags to Android’s library and then capture any crashes or code-execution opportunities.

Collin Mulliner’s NFC library can be used in fuzzing Android phones. This is very useful for discovering new vulnerabilities.

The Samsung Galaxy SIII goes on sale in North America and worldwide within the first two weeks of July. An attacker wishing to target the device can purchase one easily and use Mulliner’s research to help find vulnerabilities and eventually develop exploits to steal a victim’s credit card. The large number of readers at the Olympics will provide places where a successful attacker can use stolen credentials to make purchases. The Olympics will also provide a concentrated pool of targets (people and phones) to pilfer from–especially if everyone is busy watching who wins the medals and not worrying about where his or her phone is.

Apple got the iPad from WHERE?

In the computer industry, truth is sometimes stranger than fiction.

(In computer security, truth is often stranger than fiction, as almost any random sample of spam will reveal – regular readers will surely remember the Are You Dead email which perplexed us back in April.)

Apple, as you probably haven’t been able to avoid knowing, is currently locked in legal battles with Samsung over the two companies’ tablet computing offerings.

And Apple’s Document 1 of Case5:11-cv-01846-LHK in the Northern California District Court doesn’t mince its words.

Apple accuses Samsung of a battery of wrongs, in the curious language which suffuses the US legal system, from patent infringement, through federal false designation of origin and unfair competition, to the heinous-sounding unjust enrichment.

Apple, according to Apple, and Apple should know, “revolutionized the telecommunications industry in 2007 when it introduced the wildly popular iPhone”. It was a revolution, according to Apple, because “before the iPhone, cell phones were utilitarian devices.”

Ergo, according to Apple, Samsung is not merely an imitator, but seems to have given up altogether on independent product development, choosing instead “to slavishly copy Apple’s innovative technology.”

(Now you know why not every democratic country thinks it best to have an adversarial legal system.

And why not all Anglophones like splitting infinitives.)

Anyway, everyone knows that you can’t argue with a revolution. That’s why it’s called a revolution. Because of the, ah, revolution involved.

But plucky Samsung has done just that, as keen patent/mobile device commentator Florian Mueller points out with some amusement.

Samsung’s lawyers have presented documentation to the court in which they suggest that Apple’s 2007 “revolution” was no such thing. And they offer a freeze-frame from the 1968 movie classic 2001: A Space Odyssey as evidence:

According to Mueller, Samsung’s court filing points out that the tablet computer in the movie has a lot in common with Apple’s modern offering: “an overall rectangular shape with a dominant display screen, narrow borders, a predominately flat front surface, a flat back surface (which is evident because the tablets are lying flat on the table’s surface), and a thin form factor.”

You have to admit: that’s not a bad argument. It’s certainly a very cool argument, and a surprisingly simple and straightforward one. So straightforward, in fact, that I suspect the lawyers will be delighted to argue over it for just as long as it takes.

Let’s just hope, if Apple really did borrow from 2001, that it borrowed only from the tablet devices shown above, and not from the spaceship’s central computer, HAL.

If you’ve seen the movie (what do I mean, “if” – of course you’ve seen it) you’ll probably remember they had some fairly serious computer security problems towards the end.


