If security is breached, an attacker would be able to access the camera and microphone, secretly install apps, access pictures and listen in on phone calls. The potential weak spot is down to a flaw in the Swift keyboard software that comes pre-installed on Samsung phones, included the flagship Galaxy S6.
More specifically, it revolves around updates provided to Samsung by SwiftKey, the British virtual keyboard company, and how Samsung applies them into the pre-installed software. SwiftKey provides data on what users are talking about on their phones, which is used to improve the typing experience on Samsung phones.
However, an error in how Samsung integrates this information could leave phones open to attacks, according to security company NowSecure. NowSecure says it told Samsung about the flaw months ago, and that the Korean manufacturer has attempted to fix it, but that many smartphones are still vulnerable. It recently bought popular devices off the shelf, and found they could still be hacked into.
The flaw becomes a major problem if users log on to unsecured Wi-Fi networks, which are then used by the keyboard software to install SwiftKey’s updates. At this point, a hacker could exploit the vulnerability to install their own code. Since the SwiftKey updates are given a privileged position on the devices, they are able to take control of important functions on the phone.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now