SwiftKey Leaves 600 Million Samsung Smartphones Open To Hackers

Firmware updates are the only way out.

 

Samsung appears to be in a serious fix. It turns out that a massive chunk of its smartphones that come with the SwiftKey keyboard built in are now vulnerable to hackers. This is big news, as a hacker can access, remotely monitor and even install malware on the smartphone without the owner knowing about it.

NowSecure, a mobile security solutions provider, is the company that discovered the vulnerability, which, as the video below clearly shows, can be activated once a user has downloaded a language pack.

This is where the problem begins. The vulnerability lies in the fact that a hacker can insert and seed his own code in the language pack that users can be tricked into downloading.

Once that is done, the user is at the mercy of the hacker, since he now has control and could remotely:

  • Access sensors and resources like GPS, camera and microphone
  • Secretly install malicious app(s) without the user knowing
  • Tamper with how other apps work or how the phone works
  • Eavesdrop on incoming/outgoing messages or voice calls
  • Attempt to access sensitive personal data like pictures and text messages

If this was not creepy enough, you could have a look at the video below, which actually shows how open the vulnerability is.

NowSecure states that the firm had informed Samsung and even Google about the same in December 2014. Samsung had even begun issuing patches. However, the circle is not complete and millions of smartphones are still at risk.

The security firm has a page dedicated to the vulnerability that still shows a number of Galaxy devices, including the Galaxy S6 and S5 (running carrier firmware), that have not been patched. But these are just the ones that were purchased from carriers.

As for those who are worried about the vulnerability on their Galaxy devices (you should be), there are a couple of ways in which you could avoid being a part of this.

It is as simple as either switching to another device or connecting to secured and known Wi-Fi networks. And no, a third-party keyboard will certainly not help. This is because the keyboard gets activated on the first boot, and if you happen to have been using it for quite a while, you may have already provided access to someone.

The funny bit is that Samsung has not made the issue public. This is more so because the vulnerability is huge and has been lying around for quite some time. If someone has not taken advantage of the situation yet, the bridge is still open for someone else with the right know-how (and hopefully, good intentions).
