NowSecure has reported about a critical vulnerability in the keyboard software that comes pre-loaded on Samsung Galaxy series phones. If exploited, a hacker can gain access to the phone, remotely monitor it, install malware, or even steal personal data. As per the report, over 600 million Samsung smartphones that have SwiftKey keyboard pre-loaded have been exposed.
Ryan Welton, mobile security specialist at NowSecure, found that the pre-installed SwiftKey app can be tricked to download language pack updates over unencrypted connection in plain text. Thus in the pretence of language packs, malicious code can be injected to take control of the smartphone.
Once that code provides access to the attacker, the phone’s data, messages, and everything is exposed without leaving even a hint to the user.
Samsung was informed in November 2014 by NowSecure and the Korean company reportedly handed over a patch to the mobile operators across the world. However, there are millions of Samsung devices with SwiftKey, still vulnerable via this loophole.
For now, only the pre-installed SwiftKey app is vulnerable, not the ones from Google Play Store or Apple iOS Store. There is no way one can uninstall SwiftKey from the Samsung’s Galaxy range of devices since the app has been whitelisted and deemed to be native. Till there is a patch released for the Samsung phones, it is advisable to use Google Keyboard or any other third party keyboard in the mean time.Source
poor shamesung what a noob phone
oh wait now who also has a non pitiful user removable batteries? s6 and s6 edge?? hehe
Shamesung? Lol, bet you're an iPhone user who can't remove you pitiful battery when it dies after a couple of months. Not to mention, anyone can have their phone hacked under a non secure wifi network, another story which has been blown out of propor...