Samsung Keyboard Bug Leaves 600M Galaxy Phones Vulnerable To Hack

Samsung Keyboard Bug Leaves 600M Galaxy Phones Vulnerable To Hack
<a href="">webandi</a> / Pixabay

Users of Samsung Galaxy devices should take note of a new report regarding a security flaw that affects them.

The flaw apparently allows hackers to install malware on the Samsung devices, and even eavesdrop on calls. The worst part about the flaw is that there is nothing that can be done about it.

Abacab Fund Sees Mispricing In Options As Black-Scholes Has Become “Inadequate”

Abacab Asset Management's flagship investment fund, the Abacab Fund, had a "very strong" 2020, returning 25.9% net, that's according to a copy of the firm's year-end letter to investors, which ValueWalk has been able to review. Commenting on the investment environment last year, the fund manager noted that, due to the accelerated adoption of many Read More

Samsung provided patch for security flaw.

NowSecure, a security firm based in Chicago, claims that a bug in the Swift keyboard software can allow an attacker to use arbitrary code on the devices. The keyboard comes preinstalled on over 600 million Samsung devices.

Users of those devices may think that uninstalling the software will remove the problem, but it is impossible to do so. The flaw can also be used by hackers even when the software is not in use.

Swift has access to most of the functions on Samsung smartphones due to the fact that it is a privileged piece of software. An attacker can use the weakness to install malware, access the camera, microphone and GPS, listen in to calls and messages, influence the behavior of other apps and steal photos and messages.

NowSecure reportedly told Samsung about the flaw in December 2014, and the company released a patch to network operators in “early 2015.” It is not clear how many carriers passed the patch on to their users.

Low risk vulnerability on a huge number of devices

A long list of devices are potentially at risk, such as Samsung Galaxy S6, S5, S4 and S4 mini on major U.S. carriers. Owners of affected devices are advised to avoid using unsecured WiFi networks, or switch to an alternative device.

Do not confuse the pre-installed Swift software with the SwiftKey keyboard app which is available on Google Play. SwiftKey CMO Joe Braidwood told Mashable that the flaw is not related to the SwiftKey app.

“We supply Samsung with the core technology that powers the word predictions in their keyboard. It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability,” he said in a statement.

Despite the huge number of affected devices, the vulnerability is a “low risk” one, according to Braidwood. “A user must be connected to a compromised network (…), where a hacker with the right tools has specifically intended to gain access to their device. This access is then only possible if the user’s keyboard is conducting a language update at that specific time,” he argues.

Previous article Alibaba Group Holding Ltd, Foxconn Invest $236M In SoftBank Robotics
Next article Keeley All Cap Value Fund 1Q15 Commentary
While studying economics, Brendan found himself comfortably falling down the rabbit hole of restaurant work, ultimately opening a consulting business and working as a private wine buyer. On a whim, he moved to China, and in his first week following a triumphant pub quiz victory, he found himself bleeding on the floor based on his arrogance. The same man who put him there offered him a job lecturing for the University of Wales in various sister universities throughout the Middle Kingdom. While primarily lecturing in descriptive and comparative statistics, Brendan simultaneously earned an Msc in Banking and International Finance from the University of Wales-Bangor. He's presently doing something he hates, respecting French people. Well, two, his wife and her mother in the lovely town of Antigua, Guatemala. <i>To contact Brendan or give him an exclusive, please contact him at [email protected]</i>

No posts to display