Samsung Galaxy Keyboard Hack: Up to 600 Million Devices Could be in Danger
A new security vulnerability discovered in Samsung Galaxy devices could put up to 600 million devices in danger of being hacked, according to The Independent.
Hackers could access the camera, listen to the microphone, read users' texts and even install apps, according to researchers.
Samsung has yet to come up with a fix for the problem and there is not much that owners of Samsung Galaxy smartphones can do to avoid the hack, besides staying off unsecure wireless networks.
The issue that led to the hack is a vulnerability with the default keyboard installed on the Samsung Galaxy, called SwiftKey. The SwiftKey software routinely asks servers if it needs to be updated. Hackers are able to interrupt its request to servers and then send malicious code to the phone.
Even if Galaxy users are not using the keyboard, SwiftKey is still making requests to servers for upgrades. SwiftKey is used on other Android phones too, but those seem to be unaffected by this hack. This hack seems to be only affecting Samsung's version of the SwiftKey software.
Normally these "man in the middle attacks" are prevented by encrypting communication with the server. Additionally, protections are usually in place to prevent malicious code from getting too deep into the phone. However, Samsung has given the SwiftKey software special permissions and this means that hackers can easily get by these protections.
Models of the Samsung Galaxy that could be affected by this exploit are the S6 and the S4 Mini. Other Galaxy smartphones that use the SwiftKey could be affected as well.
The vulnerability in the Galaxy SwiftKey software was discovered by Ryan Welton, mobile security specialist at NowSecure, according to GSM Arena.
SwiftKey said through a statement that their software available for download for Android and iOS devices is not affected, just the pre-installed Galaxy version of it.
"We supply Samsung with the core technology that powers the word predictions in their keyboard," a SwiftKey statement said. "It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability. We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this obscure but important security issue."
Subscribe to Latin Post!
Sign up for our free newsletter for the Latest coverage!