Major Security Flaw Likely Impacts 600 Million Samsung Galaxy Phones

Worldwide Business Times reports that the vulnerability was discovered by Ryan Welton, a security researcher for NowSecure.

SwiftKey comes pre-installed on many Samsung devices and cannot be disabled or removed – an alternative keyboard can be used, but even then the phone will still receive updates to its SwiftKey keyboard.

This vulnerability essentially allows hackers to plant content on the devices that could monitor your usage, access your information or even get hold of images and other media if necessary. By doing so, the attacker could access phone sensors such as the GPS, camera and microphone, install malicious apps, eavesdrop on calls, and access personal data such as pictures and text messages. To combat the situation Samsung reportedly issued patches to mobile phone operators, but it’s hard decipher whether carriers made these patches available to customers, said NowSecure. If you’re a Samsung user, there’s a legitimate choice that will not require you meddling with your device – it’s called Game Recorder+.

SwiftKey on its part has tried to calm concerned Samsung phone users saying the vulnerability is not easy to exploit.

This is due to the unencrypted connection the keyboard app uses when looking for new language pack updates.

“The vulnerability is triggered automatically (no human interaction) on reboot as well as randomly when the application decides to update [its language packs]”, the US-based security firm said.

In the meantime NowSecure has given Samsung users advice including avoiding Wi-Fi networks that aren’t secure.

SwiftKey, on its part, tried to assuage the fears of Samsung device owners by saying, “We’ve seen reports of a security issue related to the Samsung keyboard”. Welton also told Forbes that “Fully remote attacks are also feasible by hijacking the Domain Name System (DNS), the network layer that directs user traffic to the right website after they ask to visit a particular URL, or by compromising a router or internet service provider from afar”.

Mobile gamers can now record their game play through the new Game Recorder+ app which is available at Google Play and at the Galaxy App store for free.


p style=”text-align: center;”>The Galaxy S7 will appear in the last week of February 2016


Add Comment