The 2015 Pwnie Nominee For Lamest Vendor Response

Samsung Swift Keyboard MITM RCE

Credit: Samsung

NowSecure’s Ryan Welton discovered that Samsung’s pre-installed Swift keyboard had an itty-bitty, remote-code-execution-as-user-system vulnerability. Samsung asked for 1 year to fix it, and then 3 more months. Just for good measure, Ryan delayed disclosure by yet another 3 months. Hopefully Samsung is working on patching the 600M vulnerable devices all running carrier-dependent firmware images. In the meantime, users should disable or uninstall the pre-installed Swift keyboard. Oh wait, they can’t. Security-conscious users should take precautions such as: not connecting to untrusted WiFi networks or carrier cellular networks, disabling WiFi and cellular data, or just not using Samsung devices.