NowSecure has discovered a potential security risk affecting a large number of Android smartphones.
Some of the latest devices, such as the Samsung Galaxy S6 and Galaxy S5, come pre-loaded with a third-party keyboard app, SwiftKey, which fetches an update over an insecure and unvalidated channel. This allows an attacker on the same Wi-Fi network to hack the devices remotely by planting files on the victim’s device. Because SwiftKey is highly privileged, attackers can use this flaw to gain code execution on the device with system privileges. This can easily lead to a complete compromise of the entire device.
Although the probability of this risk materializing is quite low, the world was oblivious to this vulnerability until it was discovered recently. Enterprises should not rely only on MDM/EMM solutions, which are not designed to detect such threats. To take advantage of new smart devices, enterprises need intelligent mobile defense solutions that can proactively detect and protect against both known and unknown threats.
Zimperium developed the world’s first mobile IPS, called zIPS, which has been protecting its enterprise customers globally since 2011. Samsung devices running Zimperium’s zIPS solution are safe from this vulnerability out of the box. zIPS uses predictive analysis, powered by our core z9 technology, to detect this attack before it happens and prevent any harm, without requiring the devices to undergo an engine update. zIPS is also available on Samsung’s KNOX marketplace, and integrates perfectly with any major MDM/SIEM/VPN solution.
The fail-safe security that Enterprises need should not be contingent upon device engine updates. The benefit of z9 technology for its customers is that it leverages both artificial intelligence and machine learning to understand sophisticated attack mechanisms and keep mobile devices secure from both network and host-based attacks, without requiring engine updates.
Following this advisory, Zimperium released an update that enhances forensic capability: it can identify and fetch the malicious components from suspected devices for mobile incident response purposes.
Device manufacturers can pre-install mobile IPS applications such as zIPS to provide tenable security to their end-user customers, even without a firmware update. In addition, we suggest that when providing updates, device manufacturers should:
- Require all updates to be delivered over an encrypted channel (HTTPS).
- Use a signing mechanism to validate any downloaded content.
- Have an easy-to-deploy update mechanism for system apps and OS vulnerabilities.
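The first two recommendations, sketched as an added example (not code from NowSecure, Samsung, SwiftKey or Zimperium): an update client that refuses non-HTTPS locations and accepts a payload only if its detached signature verifies under a public key pinned in the app. The class name, the URL and the demo key pair are constructed for illustration.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class UpdateVerifier {
    // Assumption: the vendor's public key ships inside the app or firmware image.
    private final PublicKey pinnedKey;

    public UpdateVerifier(PublicKey pinnedKey) { this.pinnedKey = pinnedKey; }

    /** Refuse any update location that is not HTTPS. */
    static void requireHttps(URI uri) {
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new SecurityException("update URL is not HTTPS: " + uri);
        }
    }

    /** True only if the detached signature over the payload verifies under the pinned key. */
    boolean isAuthentic(byte[] payload, byte[] signature) {
        try {
            Signature v = Signature.getInstance("SHA256withECDSA");
            v.initVerify(pinnedKey);
            v.update(payload);
            return v.verify(signature);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or unusable key: fail closed
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key pair; in practice the private half never leaves the signing host.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair vendor = kpg.generateKeyPair();

        byte[] update = "constructed update payload".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(vendor.getPrivate());
        s.update(update);
        byte[] sig = s.sign();

        UpdateVerifier verifier = new UpdateVerifier(vendor.getPublic());
        requireHttps(URI.create("https://updates.example.invalid/pack.zip"));
        System.out.println("genuine accepted:  " + verifier.isAuthentic(update, sig));

        byte[] modified = update.clone();
        modified[0] ^= 1; // one byte changed in transit invalidates the signature
        System.out.println("modified accepted: " + verifier.isAuthentic(modified, sig));
    }
}
```

The signature check is what protects the device if the transport is downgraded or the server is impersonated, so the payload should be written to its final location only after `isAuthentic` returns true.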