Subscribe

Is your Samsung Galaxy vulnerable to hackers?

Over 600 million Samsung Galaxy phones have a flaw in the keyboard software that may allow hackers to take almost full control of the phone, says a cybersecurity firm.

  • close
    In this April 10, 2015 file photo, a salesperson demonstrates the new Samsung Galaxy S6 Edge smartphone. Cybersecurity firm NowSecure revealed a flaw in the Samsung Galaxy keyboard that leaves the phone open to hackers.
    Eric Risberg/AP/File
    View Caption
  • About video ads
    View Caption
of

A flaw discovered in several Samsung Galaxy smartphone models has left more than 600 million phones vulnerable to hacking, cybersecurity firm NowSecure says.

According to the NowSecure report, the entry point for hackers lies in the phones' pre-installed keyboard software. The flaw would allow attackers to eavesdrop on calls, tamper with apps, copy messages and photos, and gain access to the phone’s GPS, camera, and microphone – all without the user’s knowledge.

Mobile-security researcher Ryan Welton discovered the problem last November, according to the Wall Street Journal. Often, when security researchers find a security flaw in a system, they alert the company to give them a chance to fix it before bringing the vulnerability to public attention. NowSecure notified Samsung of the problem in November.

NowSecure CEO Andrew Hoog told the Journal that at the end of December that Samsung had requested a year to fix the flaw, which NowSecure thought was too long. If security researchers had found the bug, malicious hackers may have found it, or may eventually find it, too.

The two companies were in discussion until March, when Samsung released to wireless carriers a software update to fix the problem. At that time Samsung agreed to let NowSecure make the issue public after three months.

With the new update, NowSecure says the problem persists on the devices it has tested, a list of which can be found in the report, possibly due to delays by wireless carriers in pushing out the software patch, or reluctance by users to update the software on their smartphones.

Mr. Welton wrote in a blog post that while it is impossible to eliminate the keyboard app containing the problem, there are several things users can do to limit their risk.

“Unfortunately, the flawed keyboard app can’t be uninstalled or disabled,” he wrote. “Also, it isn’t easy for the Samsung mobile device user to tell if the carrier has patched the problem with a software update. To reduce your risk, avoid insecure Wi-Fi networks, use a different mobile device, and contact your carrier for patch information and timing.”

SwiftKey, the company that provided Samsung with the technology for the word prediction function on the keyboard app, released a statement saying the flaw has no effect on the company’s apps on Google Play and Apple App Store.

SwiftKey also said hacking a phone through the keyboard flaw would be a challenge, requiring the attacker to have the right tools at the right time.

“The vulnerability in question is not easy to exploit: a user must be connected to a compromised network (such as a spoofed public Wi-Fi network), where a hacker with the right tools has specifically intended to gain access to their device. This access is then only possible if the user’s keyboard is conducting a language update at that specific time, while connected to the compromised network.”

Mr. Hoog told the Wall Street Journal that while NowSecure, as of this week, has not found a successfully patched phone, to his knowledge no phones have fallen victim to hackers through the flaw yet.

About these ads
Sponsored Content by LockerDome
 
 
Make a Difference
Inspired? Here are some ways to make a difference on this issue.
FREE Newsletters
Get the Monitor stories you care about delivered to your inbox.
 

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...

Save for later

Save
Cancel

Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items

OK

Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items

OK

Failed to save

You have already saved this item.

View Saved Items

OK