Sorry, not available in this language yet

« Previous: Cloud storage security storm:…

Next: Why managed application security… »

Samsung SwiftKey: The latest AppSec vulnerability highlights

Posted by Jim Ivers on Wednesday, July 1, 2015

The Samsung smartphone SwiftKey security slip-up grabbed headlines in mid-June when it was discovered that 600 million Samsung smartphones were vulnerable to remote code execution (RCE) attacks.

Synopsys security experts were all over the issue, providing analysis of the problem and guidance to help organizations avoid the same common software design flaws.

Jim DelGrosso explained that detecting RCE vulnerabilities can be a challenge if you’re not specifically looking for them—even if they are well-documented and relatively common.
John Kozyrakis got into even more detail about preventing similar hacks in the future and applying the lessons of SwiftKey to other applications. He reported that Synopsys encounters RCE attacks frequently in our application testing and other engagements.
The Samsung SwiftKey scenario is also addressed in the August 2014 document from the IEEE Center for Secure Design.

This Samsung SwiftKey issue underscores why the depth and quality of your application security testing (AST) matters, and why organizations need to ask hard questions when evaluating AST vendors.

This post is filed under Security news and research.

Jim Ivers

Posted by

Jim Ivers

Jim Ivers is the senior director of marketing within Synopsys' Software Integrity Group where he leads all aspects of SIG's global marketing strategies, branding initiatives, and programs, as well as product management and product marketing. Jim is a 30-year technology veteran who has spent the last ten years in IT security. Prior to Synopsys, Jim was the CMO at companies such as Cigital, Covata, Triumfant, Vovici, and Cybertrust, a $200M security solutions provider that was sold to Verizon Business. Jim also served as VP of Marketing for webMethods and VP of Product Management for Information Builders.

SEE AUTHOR ARCHIVE

More from Security news and research

Synopsys Global Partner Program Receives CRN® 5-Star Rating for Second Consecutive Year

Synopsys Global Partner Program Receives CRN® 5-Star Rating for Second Consecutive Year

Posted by Fred Bals on March 27, 2023

CyRC Vulnerability Advisory: CVE-2023-25828 Authenticated Remote Code Execution in Pluck CMS

CyRC Vulnerability Advisory: CVE-2023-25828 Authenticated Remote Code Execution in Pluck CMS

Posted by Matthew Hogg on March 23, 2023

Cybersecurity Research Center

OWASP Top 10: Insecure design

OWASP Top 10: Insecure design

Posted by Synopsys Cybersecurity Research Center on March 16, 2023

DevSecOps uses policy to take the pressure off testing

DevSecOps uses policy to take the pressure off testing

Posted by Charlotte Freeman on March 13, 2023

Subscribe

Related Tags