A few weeks ago, on June 2015, the mobile devices security company “NowSecure”, has published a post about a vulnerability they have found, titled “Remote Code Execution as System User on Samsung Phones Summary”, discovered by its researcher, Mr. Ryan Welton.
This research was also marked using two official vulnerability identifications of CVE-2015-4640 and CVE-2015-4641.
On the above blog post the company wrote “Unfortunately, the flawed keyboard app can’t be uninstalled or disabled”.
I believe this is not fully correct as the relevant Android service of the this keyboard can be disabled if the device is rooted.
In the rest of this post I will show you how to do just that.
***
Disclaimer:
Following are the steps of how to work-around the vulnerabilities mentioned in the post blog of “NowSecure” – but the fact it worked for me does not necessarily means it will work for you or that it won’t harm your device and/or data.
I will have NO responsibility NOR liability for the following steps, if you will perform the following steps – it will be on your own personal responsibility and liability.
***
There is a workaround, which means it is not fixing the problem and the relevant software is still vulnerable, it is just that we will make sure the relevant software will not load into the device memory, so attackers will not be able to exploit this vulnerability.
***
The following procedure requires a root access for the device.
***
The concept outline is:
1. Installing another Android keyboard software
2. Making the new keyboard app the device active keyboard
3. Disabling the Samsung keyboard (including across device reboots)
This replaces the vulnerable keyboard with a (probably…) non-vulnerable keyboard and blocking the vulnerable keyboard from loading into memory, so it cannot be exploited.
First of all – make a full backup of the target Android device! And save the backup output OUTSIDE the device itself!
1. Make sure you have a root access on your Android device.
The free app of “Root Checker” may help you verify this.
If you do not have root access – the decision if and how to get root access is up to you to decide as it has many and serious implication on your device operation, maybe even its warranty – further beyond this workaround.
See the following two articles discussing the advantages and disadvantage of rooting and Android device:
a. Rooted vs. Unrooted Android: Your Best Arguments
b. To Root or Not to Root
2. Install an alternate free keyboard, like the “Google Keyboard”.
Here are some recommendations (not by me) for other alternate keyboards apps.
3. Make the non-Samsung keyboard the active system keyboard
The steps to do this may change from Android version to another, but you can get a hint in the following articles:
a. How to replace your Android or iOS keyboard
b. Type in style: How to change your Android keyboard
4. Reboot the device and make sure that the new keyboard app is the active keyboard and that it is working properly (say, do a Google search)
5. Install the free app of “Disable Service”. I installed and used it and it worked fine for me.
6. Disable the “Samsung Keyboard” app using the following steps:
a. Open the “Disable Service” app and choose the “System” tab on the right side of the app interface
b. Find the app named “Samsung Keyboard” (the actual name (partial or complete) of the app may be different as it may be written using the interface language of your phone) and choose it
(you can easily find the “Samsung Keyboard” app using the “Disable Service” app search option (the magnifier icon at the top-left side of its interface) – just type there “samsung”)
c. Un-check all the check boxes of the sub-items listed, the ones which the “Samsung Keyboard” is attached to. Once you un-check an item it will be disabled and its text color will turn from white to red.
You will probably be prompted, using a pop-up window, to grant the “Disable Service” app a root access – you HAVE to approve this request for this procedure to succeed (the pop-up window will enable you to limit this access for only 15 minutes. You can do this as well, as you suppose to complete the whole procedure within a few minutes)
d. That’s it – exit the app
e. To verify that the “Samsung Keyboard” is disabled – return to the Android keyboard selection section, as mentioned in step number 3 above and make sure that there is no item of “Samsung Keyboard” listed
In case you wish to re-enable the Samsung keyboard, use the following steps:
a. Open the “Disable Service” app and choose the “System” tab on the right side of the app interface
b. Find the app named “Samsung Keyboard” (the actual name (partial or complete) of the app may be different as it may be written using the interface language of your phone) and choose it
(you can easily find the “Samsung Keyboard” app using the “Disable Service” app search option (the magnifier icon at the top-left side of its interface) – just type there “samsung”)
c. Check/Select all the check boxes at the list you will be presented with. Once you check/select an item it will be enabled and its text color will turn from red to white.
You will probably be prompted, using a pop-up window, to grant the “Disable Service” app a root access – you HAVE to approve this request for this procedure to succeed (the pop-up window will enable you to limit this access for only 15 minutes. You can do this as well, as you suppose to complete this procedure within a few minutes)
d. Exit the app
e. To verify that the “Samsung Keyboard” is enabled – return to the Android keyboard selection section, as mentioned in step number 3 above and make sure that an item of “Samsung Keyboard” is listed there
The above procedure is meant for most folks as it easy and less prone to cause any harm – most folks should use it.
The following procedure will give the same result but it is intended for more technically experienced folks as it is more prone for possible mistakes and damage, as it is using low-level operating system commands. Use it only if are very technically knowledgeable about the low-system-levels of Android.
Perform steps 1 to 4 the same as mentioned above.
From step 5 and forward use the following steps:
5. Install a shell/terminal emulator like the free app of “Terminal Emulator for Android”, which I tested and found it to work fine and easy.
a. Open the “Terminal Emulator for Android” app and at the command line type the text “su” (without the quotes. su means “super user”, which is what we call “root” mode) and hit the “Enter” key, found on the edge of the lower-right corner of the app’s online keyboard. It looks like a thin line with large arrow-head that is pointing to the left
b. You will probably be prompted, using a pop-up window, to grant the “Terminal Emulator for Android” app a root access – you HAVE to approve this request for this procedure to succeed (the pop-up window will enable you to limit this access for only 15 minutes, you can do this as well, as you suppose to complete this procedure within a few minutes)
c. You will be returned to the command line. Notice that the sign at the right side of the line’s initials is changed from the dollar sign, “$”, to be the sign of “#”, which symbols you are now in “root” mode.
***Be very careful here as you can make real damage using the root mode***
d. Type the following line exactly, and once you completed writing it – press the “Enter” key:
pm disable com.sec.android.inputmethod
If all is fine you will be replied with a message of:
Package com.sec.android.inputmethod new state: disabled
e. Exit the app by clicking on the “X” sign on the app’s upper-right corner
To enable back the Samsung keyboard using the same app:
Do most of the same steps as mentioned above using the “Terminal Emulator for Android” app, but for step “d” change the command to be:
d. Type the following line exactly, and once you completed writing it – press the “Enter” key:
pm enable com.sec.android.inputmethod
If all is fine you will be replied with a message of:
Package com.sec.android.inputmethod new state: enabled
e. Exit the app by clicking on the “X” sign on the app’s upper-right corner
.
That is all. I hope this post will assist you in protecting yourselves from this vulnerability.
Cheers!
Eitan Caspi
.