Great Moto G Stylus deal on Amazon!

Updated: SwiftKey vulnerability puts 600 million Samsung Galaxy smartphones at risk

By Mihai A.
69comments
Samsung Android
Updated: SwiftKey vulnerability puts 600 million Samsung Galaxy smartphones at risk
According to a report from NowSecure, a critical vulnerability in the default SwiftKey keyboard app that comes preloaded on some Samsung Galaxy smartphones puts more than 600 million smartphones at risk. 

The security company says that the Android and iOS versions of the SwiftKey app available through the official app stores do not come with this vulnerability, meaning that the security risk only affects Samsung smartphones that come with the app pre-installed.

NowSecure discovered the vulnerability last year, and informed Samsung of the flaw back in December 2014. Unfortunately, although the smartphone maker has allegedly issued a patch to carriers across the globe since the vulnerability was discovered, NowSecure claims that most carriers have yet to roll out the patch. In the US, the Verizon and Sprint versions of the Samsung Galaxy S6, the T-Mobile Galaxy S5, and the AT&T Galaxy S4 mini are still unpatched, while the status of other phones is currently unknown. 

According to NowSecure, the default SwiftKey keyboard app can be used by a potential attacker to "remotely execute code as a privileged (system) user". Fortunately, attackers will be able to hack a phone only if the handset is connected to an insecure Wi-Fi network. You can read all the technical details by heading over to the source link below. 

Hackers who manage to exploit this vulnerability will be able to do all sorts of damage. Examples include accessing the GPS coordinates, the camera, or the microphone, installing malicious apps without the user's knowledge, intercepting both messages and voice calls, or gaining access to the locally-stored files such as photos.

Recommended Stories
As SwiftKey cannot be uninstalled from the Samsung Galaxy smartphones that use it as the default keyboard app, and the vulnerability is not limited to when you're actually using the app, NowSecure says that Samsung Galaxy smartphone owners should avoid insecure Wi-Fi networks, or use a different mobile device altogether until the vulnerability is patched.

Update: Samsung reached out to us to announce that it will soon patch the vulnerability through Knox. Read the full statement below:

Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security. Samsung Knox has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days. In addition to the security policy update, we are also working with SwiftKey to address potential risks going forward.

Update 2: In a another statement, Samsung claims that there's no proof of any Samsung smartphone being exploited to take advantage of this vulnerability. Here is the full statement:

The likelihood of making a successful attack, exploiting this vulnerability is low. There have been no reported customer cases of Galaxy devices being compromised through these keyboard updates. But as the reports indicate, the risk does exist and Samsung will roll out a security policy update in the coming days. This vulnerability, as noted by the researchers, requires a very specific set of conditions for a hacker to be able to exploit a device this way. This includes the user and the hacker physically being on the same unprotected network while downloading a language update. Also, on a KNOX-protected device there are additional capabilities in place such as real-time kernel protection to prevent a malicious attack from being effective.

source: NowSecure

Recommended Stories

Loading Comments...

Popular stories

T-Mobile is now going to dictate where you can use its 5G internet
T-Mobile is now going to dictate where you can use its 5G internet
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
The speedy iPad Mini 2021 is even sweeter than usual after a lovely discount on Amazon
The speedy iPad Mini 2021 is even sweeter than usual after a lovely discount on Amazon
Apple Watch X render shows new magnetic band mechanism that could lead to longer battery life
Apple Watch X render shows new magnetic band mechanism that could lead to longer battery life
Text message from AT&T about a free device offer may look like a scam or spam but it is legitimate
Text message from AT&T about a free device offer may look like a scam or spam but it is legitimate

Latest News

T-Mobile confirms major 5G network upgrades in Louisiana
T-Mobile confirms major 5G network upgrades in Louisiana
Apple needs a $250 iPhone to boost sales but it doesn't want to make "stripped-down, lousy products"
Apple needs a $250 iPhone to boost sales but it doesn't want to make "stripped-down, lousy products"
Grab the smaller-sized Galaxy Watch 6 at bargain prices through Amazon's deal
Grab the smaller-sized Galaxy Watch 6 at bargain prices through Amazon's deal
Galaxy S21 and S22 owners facing green line issue will get free screen replacement in one country
Galaxy S21 and S22 owners facing green line issue will get free screen replacement in one country
AT&T's first kid-friendly tablet is here with a fun design and great price
AT&T's first kid-friendly tablet is here with a fun design and great price
LeBron James may have leaked Apple's next big Beats product
LeBron James may have leaked Apple's next big Beats product
FCC OKs Cingular\'s purchase of AT&T Wireless