Keyboard Vulnerability Scanner

What kind of security risk does this app scanning?

On Jun 16, a critical security vulnerability has been published (CVE-2015-2865), which impacts multiple Galaxy modules including the newly released S6. This vulnerability allows an attacker to install and execute arbitrary apps with the system privilege, exposed over 600 million phone users into a significant risk.

What is the consequence of this vulnerability?

When successfully exploited, an attacker could remotely:

►Access sensors and resources like GPS, camera and microphone

►Secretly install malicious app(s) without the user knowing

►Tamper with how other apps work or how the phone works

►Eavesdrop on incoming/outgoing messages or voice calls

►Attempt to access sensitive personal data like pictures and text messages

…and everything else a system user can do.

I’m impacted by this vulnerability, now what?

Avoid connecting to an insecure wi-fi network, and keep an eye on the official patch information. We will notify you in this app when the patch is available.

[Technical] How is this vulnerability caused?

The vulnerability (CVE-2015-2865) is caused by the insecure implementation of system upgrading mechanism. When checking the system update and downloading the update package, used an insecure HTTP connection. If an attacker gains control of a network - via a ARP MitM attack or compromised router, he could replace the update package to a malicious app, and have it executed as a privileged (system) user.

Ⓕ Facebook https://www.facebook.com/Trustlook

Ⓣ Twitter https://twitter.com/trustlook

Ⓖ Website http://www.trustlook.com