NEW DELHI: Over 600 million Samsung mobile device users — including those of the recently-released Galaxy S6 — have been left exposed to a critical security risk. The exploit was recently demonstrated at the Black Hat security conference in London by Ryan Welton, a researcher with security firm NowSecure.
The security vulnerability arises from SwiftKey keyboard that comes pre-installed on a number of Samsung devices. The keyboard which cannot be disabled or uninstalled allows hackers easy access to users’ devices.
The flaw allows a hacker to remotely:
1) Access sensors and resources like GPS, camera and microphone.
2) Secretly install malicious app(s) without the user knowing.
3) Tamper with how other apps work or how the phone works.
4) Eavesdrop on incoming/outgoing messages or voice calls.
5) Give attempt to access sensitive personal data like pictures and text messages.
Hackers can exploit the vulnerability even when the Swift keyboard is not used as the default keyboard.
According to NowSecure, it informed the Korean tech-giant about the vulnerability in November 2014. Samsung reportedly gave a patch to mobile operators across the world; however, it is unclear if carriers have passed the fix to all users.
Also, Samsung reportedly asked NowSecure to wait for three months before going public with the vulnerability.
The list of affected devices includes Galaxy S6, Galaxy S5, Galaxy S4 and Galaxy S4 Mini, however, NowSecure cautions that this is not an all-inclusive list of impacted devices.
Originating Source: Times of India