12:48 17th Jun, 2015
SwiftKey Leaves 600 Million Samsung Smartphones Open To Hackers
Firmware updates are the only way out.
Seems like Samsung is in big fix indeed. Turns out that a massive chunk of its smartphones that come with the SwiftKey keyboard built-in, are now vulnerable to hackers. This is big news indeed as the hacker can actually access, remotely monitor and even install malware on the smartphone without the owner even knowing about it.
NowSecure a mobile security solutions provider is the company that discovered the vulnerability and as the video below clearly shows can be activated once a user has downloaded a language pack.
This where the problem begins. The vulnerability lies in the fact that a hacker can play around, insert and seed his code in the language pack that users can be tricked into downloading.
Once that is done, the user is at the mercy of the hacker since he now has the controls and could remotely:
- Access sensors and resources like GPS, camera and microphone
- Secretly install malicious app(s) without the user knowing
- Tamper with how other apps work or how the phone works
- Eavesdrop on incoming/outgoing messages or voice calls
- Attempt to access sensitive personal data like pictures and text messages
If this was not creepy enough, you could have a look at the video below which actually shows the openness of the vulnerability.
NowSecure states that the firm had informed Samsung and even Google about the same on December 2014. Even Samsung had begun issuing patches. However, the circle is not complete and millions of smartphones are still at risk.
The security firm has a page dedicated to the vulnerability that still shows a number of Galaxy devices including the Galaxy S6, S5 (running carrier firmware) that have not been patched. But these are indeed just the ones that were purchased from carriers.
As for those who are worried about the vulnerability on their Galaxy devices (you should be); there are a couple of ways in which you could avoid being a part of this.
It is as simple as either switching to another device, connecting to secured and known Wi-Fi networks and no, a third-party keyboard will certainly not help. This is because the keyboard gets activated on the first boot and if you happen to be using it for quite a while you may have already provided access to someone.
The funny bit is that Samsung has not made the issue public. This is more so because of the fact that that vulnerability is huge and has been lying around for quite sometime. If someone has not taken advantage of the situation yet, the bridge is still open for someone else with the right know-how (and hopefully, good intentions).
- Bobble AI bullish on growing business via regional content; announces dedicated keyboard in Malayalam
- Acer India launches business PC at Just Rs 9999
- TCL 4K QLED with Hands Free AI TV Pre-booking Coming Soon at Reliance Digital
- Linksys India Launches VELOP MX5300 WIFI 6 Mesh System
- Acer introduces Nitro 5, its first 10th Gen Intel® Core™ Gaming Laptop
- Barco Introduces New Series of Advanced Video Processing and Presentation Control Systems
- NETGEAR Orbi RBK50 Mesh System to Augment Your Home Wi-Fi Network for Improved Work Efficiency
- Motorola announces its new flagship in India with the Fastest, Loudest, Boldest; motorola edge+
- Surface Pro X, Surface Pro 7 and Surface Laptop 3 are now available in India
- Genelec Announces 1235A: Classic Heritage, Cutting Edge Performance