Know why 6 million Samsung phone users are in trouble

Advertisement
Know why 6 million Samsung phone users are in trouble NowSecure, a Chicago-based mobile security company, has reported about a highly critical vulnerability that arises from SwiftKey keyboard which comes pre-installed on Samsung devices.
Advertisement

If we believe the reports, more than 600 million Samsung mobile device users, which even include the recently-released Galaxy S6, have been left exposed to this risk.

At the Black Hat security conference in London, Ryan Welton, who is working as a mobile security specialist at NowSecure, demonstrated that the pre-installed SwiftKey app can be tricked to download language pack updates over unencrypted connection in plain text. And therefore, it’s easy to take control of the smartphone by injecting malicious code in it.

A TOI Tech report revealed that the flaw enables a hacker to remotely access sensors and resources like GPS, camera and microphone. The hacker can secretly install malicious app(s) without the user knowing. He can even tamper with how other apps work or how the phone works and eavesdrop on incoming/outgoing messages or voice calls. And lastly, the hacker can give attempt to access sensitive personal data like pictures and text messages.

NowSecure claims that in November 2014, it informed Samsung about this vulnerability. As per numerous reports, the South Korea tech giant had given a patch to mobile operators across the globe, but it’s still unclear if carriers have passed the fix to all users.

Advertisement

The list of affected devices includes Galaxy S6, Galaxy S5, Galaxy S4 and Galaxy S4 Mini, however, NowSecure cautions that this is not an all-inclusive list of impacted devices.

As per a statement issued by the South Korean multinational conglomerate, “Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security.

It further stated, “Samsung KNOX has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days. In addition to the security policy update, we are also working with SwiftKey to address potential risks going forward.”

On the other hand, asserting that this vulnerability is unrelated to and does not affect our SwiftKey consumer apps on Google Play and the Apple App Store, SwiftKey said, “We supply Samsung with the core technology that powers the word predictions in their keyboard. It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability. We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this important security issue.” (Image: The Times of India)