Path: csiph.com!usenet.pasdenom.info!nntpfeed.proxad.net!proxad.net!feeder1-1.proxad.net!ecngs!feeder2.ecngs.de!newsfeed.freenet.ag!newsfeed0.kamp.net!newsfeed.kamp.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: Sylvia Else Newsgroups: comp.misc Subject: Re: SwiftKey vulnerability lets hackers easily take control of devices Date: Fri, 26 Jun 2015 19:12:37 +1000 Lines: 29 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Trace: individual.net RI9MXRhALpXqGMd348KW+whH9LuWDG96bMZ48Juxiu3iUXkoKg Cancel-Lock: sha1:XJRIJ+N4r+dGj/m/zXMQq4Vzsjo= User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 In-Reply-To: Xref: csiph.com comp.misc:7985 On 26/06/2015 5:27 AM, voyager529 wrote: > On Fri, 19 Jun 2015 17:25:16 +1000, Sylvia Else > wrote: > >> >> >> So, some obscure technical mistake has introduced a vulnerability into >> the phones. >> >> Well, actually no. It appears the problem is just that the software >> auto-updates itself without ensuring that the server is trusted, and >> (presumably) not requiring that the update be cryptographically signed. >> >> So, just mind-boggling incompetence. Nothing new there. >> >> Most countries have consumer protection laws. If someone suffers a loss >> as a result of this, they really ought to sue Samsung. >> >> Sylvia > > Interesting question: If Samsung only licensed the software from > Swiftkey, would it really be Samsung who should shoulder the lawsuit, > or Swiftkey themselves? > Unless the relevant consumer laws state otherwise, it would be against Samsung, since the consumer has no contract with Swiftkey. Sylvia.