The Galaxy S4, Samsung’s flagship device of 2013, is selling like hotcakes. The Korean giant has shipped over 40 million units in less than seven months. But not all has been rosy in recent weeks. The S4 has a serious security glitch, exposing all Samsung Account details and giving sniffers full access to private information.
Mediatek Digital, a firm that tests the security standards of apps and mobile phones, recently exposed the serious flaw. Hackers can track the victims via GPS, access their recent call logs, configure call diverts and even turn off the device.
Samsung responded fast. The Korean company has released a security patch that solves the problem. Galaxy S4 owners are advised to check for OTA updates and install the fix. Not installing the patch can lead to serious data breaches and damage.
Every Samsung device requires the user to enter their personal details during the initial setup process. The user can then enjoy Samsung’s special services, which include lost phone detection (GPS) and access to exclusive Samsung applications. But as mentioned above, all log-in details can be harvested, giving the hacker full access to the device.
The intrusion in this case is not a complicated process. To sniff out the data, the hacker only needs to be on the same WiFi network as the target device. This security issue adds to the inherited weakness of the Android platform. All media and utility services on Android devices are linked to one Google account, making it hard to stay safe.
Another Samsung product with the same problem is the Galaxy Tab 3. It’s still unclear whether other Samsung phones and tablets suffer from similar vulnerabilities.
Galaxy S4 users who have not checked for updates recently must install the aforementioned security update. They can then change their Samsung Account password, but this should be done via the Samsung Account website, not the mobile device. New users are also advised to register their accounts on their computers.
Source – Samsung Galaxy S4 Vulnerability