Photo (cc) by Janitors
A preinstalled feature has left more than 600 million Samsung smartphones open to hackers, according to NowSecure.
The cyber-security company publicly announced the vulnerability this week in a blog post written by NowSecure mobile security researcher Ryan Welton, who discovered the flaw. The company states that it notified Samsung of the issue in December.
The Samsung Galaxy S4 Mini and the Galaxy S4, S5 and S6 models on certain carrier networks are affected. (NowSecure has published a chart of all affected phone models and carriers, and the status of patches to fix the problem.)
NowSecure warns that an attacker who exploits the flaw could remotely do the following:
- Access sensors and resources like GPS, camera and microphone
- Secretly install malicious app(s) without the user knowing
- Tamper with how other apps work or how the phone works
- Eavesdrop on incoming/outgoing messages or voice calls
- Attempt to access sensitive personal data like pictures and text messages
The vulnerability comes into play automatically on reboot or when the phones’ SwiftKey Keyboard software updates. SwiftKey comes preinstalled on Samsung devices and cannot be uninstalled or disabled, according to NowSecure’s blog post:
Even when it is not used as the default keyboard, it can still be exploited.
SwiftKey states that “the likelihood of such a vulnerability being exploited is low” but says the company is taking the issue “very seriously” and is working with Samsung “to try to ensure a patch is available to all affected users as soon as possible.”
Meanwhile, NowSecure recommends that affected Samsung users reduce their risk by avoiding using insecure Wi-Fi networks like those open to the public at places such as coffeehouses and restaurants.
Samsung users also should contact their phone carrier about patch information and timing.
SwiftKey also “strongly recommend[s]” that all smartphone users ensure their software is up to date, which the company states can usually be done in a device’s settings menu, typically under the “about” or “general” category.
Are you worried about this vulnerability, Galaxy users? Let us know your thoughts in a comment below or on Facebook.