Technology News

Over 600 Million Samsung Mobile Devices Affected by SwiftKey Security Flaw: Report

By Ketan Pratap | Updated: 18 June 2015 16:36 IST
Over 600 Million Samsung Mobile Devices Affected by SwiftKey Security Flaw: Report
Advertisement
NowSecure, a Chicago-based mobile security company, has claimed that several Samsung Galaxy models are plagued with a keyboard security flaw that can allow an attacker remotely execute code as a system user.
(Also see: Samsung Says SwiftKey Keyboard Security Flaw Patch Coming in a Few Days)

According to the company, the security risk in over 600 million Samsung mobile devices have been caused due to the pre-installed Samsung IME keyboard app developed by SwiftKey, which cannot be uninstalled or disabled. The company has listed some of the impacted Samsung devices which include the flagships Galaxy S6, Galaxy S5, Galaxy S4, and even the Galaxy S4 mini. NowSecure claims that even when SwiftKey keyboard app is not used as the default keyboard - it can still be exploited.

The SwiftKey keyboard flaw can allow an attacker to remotely access sensors (including features such as GPS, camera, and microphone); secretly install malicious app without the user knowing and fiddle with how other apps function, or how the smartphone works. The security flaw can also allow an attacker to eavesdrop on incoming/ outgoing messages or voice calls while can allow access to personal data such as images and text messages.

samsung_galaxy_s5_swiftkey_keyboard_flaw_nowsecure.jpg

The flaw was discovered by NowSecure mobile security researcher Ryan Welton and was reported to Samsung in December last year. The company also claims that Computer Emergency Response Teams (CERT) was also notified about the security flaw "given the magnitude of the issue."

The mobile security company suggests that Samsung started providing a patch to mobile network operators in early 2015; though it is unknown whether the carriers released the patch to the devices on their network.

Detailing how an attacker could access the vulnerability, NowSecure notes, "The attack vector for this vulnerability requires an attacker capable of modifying upstream traffic. The vulnerability is triggered automatically (no human interaction) on reboot as well as randomly when the application decides to update. This can include geographically proximate attacks such as rogue Wi-Fi access points or cellular base stations, or attacks from local users on a network, including ARP poisoning. Fully remote attacks are also feasible via DNS Hijacking, packet injection, a rogue router or ISP, etc."

NowSecure suggests users can avoid insecure Wi-Fi networks, use a different mobile device, or contact carriers for patch information and timing, to negate the risks.

In the meanwhile, SwiftKey in a emailed statement to NDTV Gadgets defended itself, saying the SwiftKey app available on Google Play and App Store has no such security flaw.

The company added that while SwiftKey supplies Samsung with the 'core technology' to power word predictions on its keyboards, it "appears the way this technology was integrated on Samsung devices introduced the security vulnerability." SwiftKey said it is working with "long-time partner" Samsung to resolve the issue.

The statement added that the vulnerability is difficult to exploit, and only possible if the Samsung device user is connected to a compromised network (such as a spoofed public Wi-Fi network) and the device is undergoing a language update at the same time. The hacker would also require the right tools specifically intended to gain access to the device.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Android, Apps, Mobiles, Samsung, Samsung Mobiles, SwiftKey, SwiftKey App
Ketan Pratap
Ketan Pratap
Ketan Pratap is the editor at Gadgets 360 - with over 12 years of experience covering the technology domain. With a breadth and depth of knowledge in the field, he's done extensive work across news, features, reviews, and opinion pieces. But what's truly inspiring about Ketan is how he spends his free time. He's often found gazing at snow-capped mountains from over 20,000 feet while sitting on the hood of his car, taking in the breathtaking beauty of nature. His passion for the great ...More
Need for Speed, Bioshock, Flight Simulator X, More Games, Plus Other iOS and Android App Deals
In Return to Twitter, Jack Dorsey Aims to Follow Path of Steve Jobs

Related Stories

Over 600 Million Samsung Mobile Devices Affected by SwiftKey Security Flaw: Report
Comment
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Samsung Galaxy C55 With Snapdragon 7 Gen 1 SoC Goes Official: See Price
  2. Redmi Buds 5A, Xiaomi Robot Vacuum Cleaner S10 and More Launched in India
  3. Lava ProWatch Zn With Bluetooth Calling, Heart-Rate Monitor Debuts in India
  4. Vivo X100 Ultra Said to Come With Vivo's Self-Developed Imaging Technology
  5. Google Pixel 8a Spotted Online in Blue, Green Colour Options: See Images
  6. Redmi Pad SE With 11-Inch Screen, Snapdragon 680 Debuts in India: See Price
  7. These Samsung Phones Facing Green Line Issue May Get Free Screen Replacement
  8. Boat Storm Call 3 With 1.83-Inch Display Launched in India: See Price
#Latest Stories
  1. Realme C65 5G Launch Set for April 26, Teased to Get MediaTek Dimensity 6300 SoC
  2. Redmi Buds 5A, Xiaomi Robot Vacuum Cleaner S10 and Xiaomi Handheld Garment Steamer Launched in India
  3. Star Wars Jedi Survivor Hits Xbox Game Pass via EA Play on April 25, Spotted on EA Play on PS5 in Some Regions
  4. Thailand Takes Decision to Ban Unlicenced Crypto Exchanges to Prevent Online Crime
  5. Meta Reveals Big Plans for Its Horizon OS, Will Expand It to Third-Party Mixed-Reality Headset Makers
  6. Lava ProWatch Zn With Gorilla Glass Protection, Heart-Rate Monitor Launched in India: Price, Features
  7. Redmi Pad SE With 11-Inch Display, Snapdragon 680 Chipset and Android 13-Based MIUI Pad 14 Launched in India
  8. PS5, PC Exclusive Helldivers 2 Under 'Very Early' Discussions Over Possible Xbox Launch: Report
  9. Apple Reportedly Acquires French AI Firm Working With On-Device AI and Computer Vision
  10. Samsung Galaxy C55 With Snapdragon 7 Gen 1 SoC, Leather Back Launched: Price, Specifications
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »