600M Samsung smartphones vulnerable to keyboard hack
Latest news from WSJ and Nowsecure has reported that, more than 600 millions Samsung smartphones, most of which belong to the Galaxy series, can be affected by a serious security flaw in the re-installed keyboard. It is being said, if not fixed, the hackers can follow track to attack and take over the control of you phone’s GPS, camera, mircophone. They can even install harmful apps, control you private messages, phone calls or picture/video gallery without you knowing.
The security problem comes from Swiftkey Keyboard app when users download the pre-installed system-level app. (SwiftKey refers to such app as the “Samsung stock keyboard using the SwiftKey SDK”). If you are using the official version of SwiftKey downloaded from Playstore, then you don’t have to worry about this risk.
Earlier last year, in November 2014, NowSecure, a security agency based in Israel detected and warned Samsung as well as Google Android security team about the risk of keyboard hack. The Korean company asked NowSecure to give them 3 months to fix the keyboard hack before spreading the news to public so that it won’t make consumers worry. However, the update launched in March did not seem to work really well. Experts from NowSecure still found the problem when they bought the newest Galaxy S6 from Samsung last week.
Here are some of the things an attacker could do with your Samsung keyboard hack:
1. Access sensors and resources like GPS, camera and microphone
2. Secretly install malicious app(s) without the user knowing
3. Tamper with how other apps work or how the phone works
4. Eavesdrop on incoming/outgoing messages or voice calls
5. Attempt to access sensitive personal data like pictures and text messages
Samsung started providing a patch to mobile network operators in early 2015. However, it is still unknown how many devices are still potential from keyboard hack. Anyway, prevention is always better than cure. For users’ safety, NowSecure suggests the following tips to minimize the risk of keyboard hack for you Samsung smartphones:
* Avoid connecting to insecure Wi-fi networks (without password/public networks)
* Use a different mobile device while waiting for updates
* Contact carriers for patch information and timing
If you are using a Samsung smartphone from the Galaxy S4 and later, it is highly advised to be aware of the risk and keep yourself updated.
For further information, please visit NowSecure and WSJ