As many as 600 million Samsung Galaxy smartphones may have a software flaw allowing hackers to eavesdrop on phone calls and voicemail, read texts, turn on the microphone and view private photos, according to a new report from a security firm.
Hackers are able to access the private information of some Galaxy S4, S5, and S6 users through a vulnerability in the devices’ pre-installed SwiftKey keyboard predictive text technology, according to the report from U.S. based security firm NowSecure.
Ryan Welton, a security researcher with NowSecure, wrote in a blog post that the company first notified Samsung in December 2014 of the flaw, along with the United States Computer Emergency Readiness Team (CERT) and Google’s Android security team.
Welton said the company began issuing patches to mobile providers at the start of 2015. He said it was unknown whether some carriers provided the patches and how many devices may still be vulnerable.
The security hole occurs when the device’s keyboard updates — giving hackers who are in the right place at the right time the opportunity to infiltrate a vulnerable device, according to NowSecure’s research.
A Samsung spokesperson told ABC News in an email the coming “takes emerging security threats very seriously.”
“Samsung Knox has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days,” the spokesperson said. “In addition to the security policy update, we are also working with Swiftkey to address potential risks going forward.”
The vulnerability is not related to SwiftKey’s consumer apps in both the Google Play and Apple App Store.
“We supply Samsung with the core technology that powers the word predictions in their keyboard,” a statement posted on SwiftKey’s website today said. “It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability. We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this important security issue.”
NowSecure recommends Galaxy users protect themselves by avoiding unsecured WiFi networks and asking their mobile provider for information about a security patch.
Source: ABC News – Technology Samsung Galaxy: What You Need to Know About Security Risk