More Than 600 Million Samsung Phones Vulnerable to Hacking

Samsung smartphones could be exposed to hackers via a feature that cannot be removed, according to a cyber-security company. Here’s what you need to know.

A preinstalled feature has left more than 600 million Samsung smartphones open to hackers, according to NowSecure.

The cyber-security company publicly announced the vulnerability this week in a blog post written by NowSecure mobile security researcher Ryan Welton, who discovered the flaw. The company states that it notified Samsung of the issue in December.

The Samsung Galaxy S4 Mini and the Galaxy S4, S5 and S6 models on certain carrier networks are affected. (NowSecure has published a chart of all affected phone models and carriers, and the status of patches to fix the problem.)

NowSecure warns that an attacker who exploits the flaw could remotely do the following:

  • Access sensors and resources like GPS, camera and microphone
  • Secretly install malicious app(s) without the user knowing
  • Tamper with how other apps work or how the phone works
  • Eavesdrop on incoming/outgoing messages or voice calls
  • Attempt to access sensitive personal data like pictures and text messages

The vulnerability comes into play automatically on reboot or when the phones’ SwiftKey Keyboard software updates. SwiftKey comes preinstalled on Samsung devices and cannot be uninstalled or disabled, according to NowSecure’s blog post:

Even when it is not used as the default keyboard, it can still be exploited.

SwiftKey states that “the likelihood of such a vulnerability being exploited is low” but says the company is taking the issue “very seriously” and is working with Samsung “to try to ensure a patch is available to all affected users as soon as possible.”

Meanwhile, NowSecure recommends that affected Samsung users reduce their risk by avoiding using insecure Wi-Fi networks like those open to the public at places such as coffeehouses and restaurants.

Samsung users also should contact their phone carrier about patch information and timing.

SwiftKey also “strongly recommend[s]” that all smartphone users ensure their software is up to date, which the company states can usually be done in a device’s settings menu, typically under the “about” or “general” category.

Are you worried about this vulnerability, Galaxy users? Let us know your thoughts in a comment below or on Facebook.

Stacy Johnson

It's not the usual blah, blah, blah

I know... every site you visit wants you to subscribe to their newsletter. But our news and advice is actually worth reading! For 25 years, I've been making people richer without making their eyes glaze over. You'll be glad you did. I guarantee it!

Read Next: Popular Password Manager Hacked: What It Means for You

Check Out Our Hottest Deals!

We're always adding new deals and coupons that'll save you big bucks. See the deals to the right and hundreds more in our Deals section.

Click here to explore 1,450 more deals!