Samsung plugs spying hole in its Android devices
The electronics company Samsung has fixed a vulnerability in its Android devices that allowed comprehensive spying on the user of the device. As c't reported in the current issue 01/14, the manufacturer's smartphones and tablets were transmitting the registration data for the so-called Samsung account in plain text, including the name, email address and even the chosen password.
A Samsung account is required to use essential functions such as locating lost smartphones. If the login information falls into the wrong hands, however, unauthorized persons can use it to determine the precise whereabouts of the account owner. Via the Samsung website they can also create movement profiles covering a period of 12 hours, access call lists, set up diversions for calls and text messages and even unlock the phone.
Data snoopers could make a rich haul in the traffic of Samsung devices. Eavesdropping on the data is truly not rocket science: if the sniffer is in the same local network, he gets this data served almost on a silver platter. Assuming that intelligence agencies such as the NSA and GCHQ preventively record the data traffic of the registration server, they also have instant access to numerous accounts.
This affects, among other things, the Galaxy S4. The gap was discovered by the company mediaTest digital, which specializes in security reviews of apps and mobile devices. The company then turned to heise Security. We were able to reproduce the problem with a Samsung Galaxy S4 and Galaxy Tab 3 and informed the South Korean manufacturer late last week. There, the seriousness of the situation appears to have been recognized: after five days Samsung announced via its press agency that the problem is now fixed, but without giving details.
Our tests confirm that data is no longer transferred in clear text during registration. Anyone who has created a Samsung account on one of the manufacturer's Android devices in the past should change the password. Since Samsung has not yet announced which models are affected and which are protected, you should use the encrypted website https://account.samsung.com to change the password or, if necessary, create a new account.
http://www.heise.de