600 million Samsung phones susceptible to hackers

A security fault in the preloaded Swift Key app has left over 600 million Samsung Galaxy smartphones susceptible to hackers.

According to the Now Secure, its mobile security researcher Ryan Welton uncovered the flaw and notified Samsung in December 2014. Due to the harshness of the issue, the Google Android security team was also informed. If the fault is browbeaten, the hacker can remotely:

– access sensors and resources like GPS, camera and microphone

– fit malicious app(s) without the user knowing

– interfere with how other apps work or how the phone works

– eavesdrop on incoming or outgoing messages or voice calls

– Attempt to access sensitive personal data like pictures and text messages

Actually, Samsung has issued a patch to mobile network operators early this year. It remains unknown whether telcos have issued the patches to the artificial Galaxy devices. As of 16th June, NowSecure states that the following Galaxy smartphones are affected:

– Galaxy S6

– Galaxy S5

– Galaxy S4

– Galaxy S4 Mini

It is noteworthy to mention that only the preloaded Swift Key app has the security flaw as the one on the Google Play Store is safe. Unhappily, users of these Galaxy models cannot uninstall the SwiftKey app. Now Secure recommends a few measures to limit the risks such as avoiding insecure Wi-Fi networks and using a different mobile device.

In response to this security flaw, Samsung has issued an official statement. It is rolling out security policy updates via Samsung Knox in a few days “to invalidate any potential vulnerability caused by this issue”. The company is also working with SwiftKey to resolve any potential risks going forward. Below is its official statement in full:

“Samsung takes emerging security threats very gravely. We are aware of recent subject reported by several media outlets and are committed to providing the latest in mobile security. Samsung Knox has capability to update the security policy of the phones, over-the-air, to nullify any potential vulnerability caused by this problem. The security policy updates will begin rolling out in the few days. In addition to the security policy update, we are also working with the SwiftKey to address potential risks going forward.”