Updated: SwiftKey vulnerability puts 600 million Samsung Galaxy smartphones at risk

According to a report from NowSecure, a critical vulnerability in the default SwiftKey keyboard app that comes preloaded on some Samsung Galaxy smartphones puts more than 600 million smartphones at risk. 

The security company says that the Android and iOS versions of the SwiftKey app available through the official app stores do not come with this vulnerability, meaning that the security risk only affects Samsung smartphones that come with the app pre-installed.

NowSecure discovered the vulnerability last year, and informed Samsung of the flaw back in December 2014. Unfortunately, although the smartphone maker has allegedly issued a patch to carriers across the globe since the vulnerability was discovered, NowSecure claims that most carriers have yet to roll out the patch. In the US, the Verizon and Sprint versions of the Samsung Galaxy S6, the T-Mobile Galaxy S5, and the AT&T Galaxy S4 mini are still unpatched, while the status of other phones is currently unknown. 

According to NowSecure, the default SwiftKey keyboard app can be used by a potential attacker to "remotely execute code as a privileged (system) user". Fortunately, attackers will be able to hack a phone only if the handset is connected to an insecure Wi-Fi network. You can read all the technical details by heading over to the source link below. 

Hackers who manage to exploit this vulnerability will be able to do all sorts of damage. Examples include accessing the GPS coordinates, the camera, or the microphone, installing malicious apps without the user's knowledge, intercepting both messages and voice calls, or gaining access to the locally-stored files such as photos.

As SwiftKey cannot be uninstalled from the Samsung Galaxy smartphones that use it as the default keyboard app, and the vulnerability is not limited to when you're actually using the app, NowSecure says that Samsung Galaxy smartphone owners should avoid insecure Wi-Fi networks, or use a different mobile device altogether until the vulnerability is patched.

Update: Samsung reached out to us to announce that it will soon patch the vulnerability through Knox. Read the full statement below:


Update 2: In another statement, Samsung claims that there's no proof of any Samsung smartphone being exploited through this vulnerability. Here is the full statement:


source: NowSecure
