Chicago-based mobile security company, NowSecure, has published a report that over 600 million Samsung smartphones, including the Galaxy S6, are affected by a security flaw in a pre-installed keyboard that, if left unpatched, can allow an attacker to remotely access the phone and install malware.
The security risk comes from the pre-installed system-level SwiftKey Keyboard app (which SwiftKey refer to as the “Samsung stock keyboard using the SwiftKey SDK”) on Samsung devices. According to NowSecure, “a remote attacker capable of controlling a user’s network traffic can manipulate the keyboard update mechanism on Samsung phones and execute code as a privileged (system) user on the target’s phone.” In addition, the pre-installed app cannot be disabled or uninstalled, installing the Play Store version does not remove the vulnerability, and can still be exploited even when it is not used as a default keyboard.
Here are some of the things an attacker could do with the keyboard exploit:
NowSecure notified Samsung of the security flaw in December 2014 as well as the Google Android security team. Samsung started providing a patch to mobile network operators in early 2015, however, it is still unknown how many devices remain vulnerable and that it is difficult for the user to know if the carrier has already patched the problem. For now, NowSecure suggests the following to reduce the risk of an attack on your device:
For more details about the report, hit the source link below.
YugaTech.com is the largest and longest-running technology site in the Philippines. Originally established in October 2002, the site was transformed into a full-fledged technology platform in 2005.
How to transfer, withdraw money from PayPal to GCash
Prices of Starlink satellite in the Philippines
Install Google GBox to Huawei smartphones
Pag-IBIG MP2 online application
How to check PhilHealth contributions online
How to find your SIM card serial number
Globe, PLDT, Converge, Sky: Unli fiber internet plans compared
10 biggest games in the Google Play Store
LTO periodic medical exam for 10-year licenses
Netflix codes to unlock hidden TV shows, movies
Apple, Asus, Cherry Mobile, Huawei, LG, Nokia, Oppo, Samsung, Sony, Vivo, Xiaomi, Lenovo, Infinix Mobile, Pocophone, Honor, iPhone, OnePlus, Tecno, Realme, HTC, Gionee, Kata, IQ00, Redmi, Razer, CloudFone, Motorola, Panasonic, TCL, Wiko
Best Android smartphones between PHP 20,000 - 25,000
Smartphones under PHP 10,000 in the Philippines
Smartphones under PHP 12K Philippines
Best smartphones for kids under PHP 7,000
Smartphones under PHP 15,000 in the Philippines
Best Android smartphones between PHP 15,000 - 20,000
Smartphones under PHP 20,000 in the Philippines
Most affordable 5G phones in the Philippines under PHP 20K
5G smartphones in the Philippines under PHP 16K
Smartphone pricelist Philippines 2024
Smartphone pricelist Philippines 2023
Smartphone pricelist Philippines 2022
Smartphone pricelist Philippines 2021
Smartphone pricelist Philippines 2020
bern says:
The source of vulnerability is swiftkey sdk being used by samsung for their stock keyboard which cannot be uninstalled by default.
The question is how about those phones which was not made by samsung but use swiftkey, are they also open for attack?
hcaseria says:
Inscecure websites?
A typo I guess.