infinix flip
yugatech choice awards 2024
Home » 600M Samsung smartphones vulnerable to keyboard hack

600M Samsung smartphones vulnerable to keyboard hack

Chicago-based mobile security company, NowSecure, has published a report that over 600 million Samsung smartphones, including the Galaxy S6, are affected by a security flaw in a pre-installed keyboard that, if left unpatched, can allow an attacker to remotely access the phone and install malware.

The security risk comes from the pre-installed system-level SwiftKey Keyboard app (which SwiftKey refer to as the “Samsung stock keyboard using the SwiftKey SDK”) on Samsung devices. According to NowSecure, “a remote attacker capable of controlling a user’s network traffic can manipulate the keyboard update mechanism on Samsung phones and execute code as a privileged (system) user on the target’s phone.” In addition, the pre-installed app cannot be disabled or uninstalled, installing the Play Store version does not remove the vulnerability, and can still be exploited even when it is not used as a default keyboard.

Here are some of the things an attacker could do with the keyboard exploit:

  1. Access sensors and resources like GPS, camera and microphone
  2. Secretly install malicious app(s) without the user knowing
  3. Tamper with how other apps work or how the phone works
  4. Eavesdrop on incoming/outgoing messages or voice calls
  5. Attempt to access sensitive personal data like pictures and text messages

NowSecure notified Samsung of the security flaw in December 2014 as well as the Google Android security team. Samsung started providing a patch to mobile network operators in early 2015, however, it is still unknown how many devices remain vulnerable and that it is difficult for the user to know if the carrier has already patched the problem. For now, NowSecure suggests the following to reduce the risk of an attack on your device:

  • Avoid insecure Wi-fi networks
  • Use a different mobile device
  • Contact carriers for patch information and timing

For more details about the report, hit the source link below.

source: NowSecure
via: GSMArena

  1. The source of vulnerability is swiftkey sdk being used by samsung for their stock keyboard which cannot be uninstalled by default.

    The question is how about those phones which was not made by samsung but use swiftkey, are they also open for attack?

  2. Inscecure websites?

    A typo I guess.

Leave a Reply

600M Samsung smartphones vulnerable to keyboard hack » YugaTech | Philippines Tech News & Reviews

Yearly Device Database

Smartphone pricelist Philippines 2024

Smartphone pricelist Philippines 2023

Smartphone pricelist Philippines 2022

Smartphone pricelist Philippines 2021

Smartphone pricelist Philippines 2020

Popular Topics

What We Do

YugaTech | Philippines Tech News & Reviews
© 2024. All Rights Reserved.