Millions of Samsung devices across the world are under a security threat due to flaw in Swift keyboard that threatens to steal information and worse. The vulnerability affects most devices regardless of range and even latest model Galaxy S6 and S6 Edge are under threat. A flaw in Samsung’s inbuilt Swift keyboard’s enables hackers to install malware and steal your personal information like pictures and passwords and even call details.
A Chicago based web security firm NowSecure identified the vulnerability and posted a report to warn Samsung users about the threat.
“Over 600 million Samsung mobile device users have been affected by a significant security risk on leading Samsung models, including the recently released Galaxy S6. The risk comes from in-built keyboard that allows attackers to remotely execute code as a privileged (system) user.”
What’s at risk:
Malicious hackers can exploit the flaw to access your Samsung device’s sensors and resources like GPS, microphone and camera. It allows hackers to remotely install malware in your device that can steal your personal data, passwords, photos.
The vulnerability also gives away your mobile network details to cyber thieves who can spy on your call details, text message and voicemail.
Is there a fix:
Apparently, NowSecure’s Ryan Welton uncovered the flaw back in December 2014 and immediately reported it to Samsung and Google Android Security team. The report says that Samsung started rolling out the patch on devices but sadly that’s not enough.
Since the flaw can also corrupt network details a patch from mobile network provider is also needed to fix the vulnerability. NowSecure says that its highly uncertain if mobile careers around the world have released a fix for the problem.
Can you prevent it?
Sadly, there is practically nothing one can do to prevent the device as Swiftkey cannot be uninstalled. To further exacerbate the situation it’s very hard for Samsung users to detect if there network provider has issues a patch.
Your best bet in this scenario would be avoid using insecure Wi-Fi and personally contact your network carrier to know about the fix.