More Than 600 Million Samsung Phones Vulnerable to Hacking

A preinstalled feature has left more than 600 million Samsung smartphones open to hackers, according to NowSecure.

The cyber-security company publicly announced the vulnerability this week in a blog post written by NowSecure mobile security researcher Ryan Welton, who discovered the flaw. The company states that it notified Samsung of the issue in December.

The Samsung Galaxy S4 Mini and the Galaxy S4, S5 and S6 models on certain carrier networks are affected. (NowSecure has published a chart of all affected phone models and carriers, and the status of patches to fix the problem.)

NowSecure warns that an attacker who exploits the flaw could remotely do the following:

  • Access sensors and resources like GPS, camera and microphone
  • Secretly install malicious app(s) without the user knowing
  • Tamper with how other apps work or how the phone works
  • Eavesdrop on incoming/outgoing messages or voice calls
  • Attempt to access sensitive personal data like pictures and text messages

The vulnerability comes into play automatically on reboot or when the phones’ SwiftKey Keyboard software updates. SwiftKey comes preinstalled on Samsung devices and cannot be uninstalled or disabled, according to NowSecure’s blog post:

“Even when it is not used as the default keyboard, it can still be exploited.”

SwiftKey states that “the likelihood of such a vulnerability being exploited is low” but says the company is taking the issue “very seriously” and is working with Samsung “to try to ensure a patch is available to all affected users as soon as possible.”

Meanwhile, NowSecure recommends that affected Samsung users reduce their risk by avoiding insecure Wi-Fi networks, such as those open to the public at coffeehouses and restaurants.

Samsung users also should contact their phone carrier about patch information and timing.

SwiftKey also “strongly recommend[s]” that all smartphone users ensure their software is up to date, which the company states can usually be done in a device’s settings menu, typically under the “about” or “general” category.

Are you worried about this vulnerability, Galaxy users? Let us know your thoughts in a comment below or on Facebook.
