Samsung devices, including Galaxy S6, vulnerable to remote code execution by Ashley Carman.
From the post:
More than 600 million Samsung mobile device owners are vulnerable to cyberattacks that could allow a perpetrator to remotely execute code as a privileged system user.
The vulnerability exists in Samsung’s pre-installed Swift keyboard. The keyboard, which cannot be uninstalled or disabled, issues update check requests every couple hours or so, explained NowSecure CEO Andrew Hoog during a Wednesday interview with SCMagazine.com. NowSecure discovered the bug, CVE-2015-2865, in 2014, and notes that to execute a successful attack, a person must be capable of modifying upstream traffic.
If a user is logged into an insecure WiFi network, for example, a successful man-in-the-middle (MitM) attack could allow a cybercriminal to monitor the network traffic for these requests. Once one is spotted, the attacker can respond with a malicious payload. From there, the attacker could tamper with the compromised device. Sample exploitations could include accessing sensors and resources, such as the device’s camera; installing malicious apps without the user’s knowledge; listening in on calls; or accessing personal data, such as pictures and text messages.
…
See Ashley’s post for the rest of the details, including a suggestion that an attack focused on a single device is unlikely.
That’s like arguing purse snatching isn’t a problem because banks have more money. In fact, we know that purse snatching happens despite the existence of banks. Smaller return but less risk.
A 600 million device target area sounds big enough to attract malicious interest.