Mobile Security Researcher At NowSecure Discloses Samsung Keyboard Security Risk That Leaves Over 600 Million Samsung Mobile Devices Vulnerable To Hackers
A security glitch in the SwiftKey developed keyboards pre-loaded on Samsung smartphones including the recently released Galaxy S6 has left over 600 million Samsung mobile devices vulnerable to hackers, according to reports.
The flaw was first discovered by Ryan Welton, mobile security researcher at NowSecure. NowSecure mentions in its official webpage, “Samsung was notified in December of 2014. Given the magnitude of the issue, NowSecure notified CERT who assigned CVE-2015-2865 and also informed the Google Android security team.”
If the flaw in the keyboard is exploited, a hacker could remotely access sensors and resources like GPS, camera and microphone, secretly install malicious apps without the knowledge of the user, tamper with the functionalities of apps, gain access to incoming or outgoing calls or messages and attempt to get their hands on personal data like pictures and texts, says NowSecure.
According to a report on Digital Trends, after Welton notified Samsung about the flaw in December 2014, the company immediately worked on a patch and sent updates to different carriers for devices running Android 4.2 or above in March 2015. It is yet to be confirmed, whether these patches have reached the devices, reports Digital Trends.
Users cannot uninstall SwiftKey from Samsung’s Galaxy range of devices since the app has been whitelisted and considered as native, reports GSM Arena.
As per NowSecure webpage, it is expected that Samsung’s Galaxy S4 Mini, Galaxy S4, Galaxy S5 and Galaxy S6 are affected, reports Digital Trends. The publication also explained that a hacker can attack through this vulnerability through a public Wi-Fi network only and the hacker should have knowledge about this exploit and share the same network accessed by the user.
Now Secure suggests that Samsung smartphone users should avoid public Wi-Fi networks. Users can also contact their carrier and ask for the phone to get updated with the patch, Digital Trends reported.
(For feedback/comments, mail the writer at pragyan.ibtimes@gmail.com)