600 million Samsung Galaxy phones now at risk due to SwiftKey flaw

HIGHLIGHTS

Security experts uncover SwiftKey vulnerability that puts 600 million Samsung Galaxy smartphones at risk.

A critical flaw in the default SwiftKey keyboard app on Samsung Galaxy smartphones puts more than 600 million devices at risk, according to a new report.

Security company NowSecure has found vulnerabilities in the SwiftKey app that comes preinstalled on Samsung smartphones. Security researcher Ryan Welton discovered that the SwiftKey keyboard checked for language pack updates over an unencrypted connection, in plain text. This could allow hackers to set up a spoof proxy server and send malicious security updates to affected devices. Cyber criminals could also exploit the device to gain access to users' private data, including bank logins and text messages, and to remotely monitor users' movements.
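As an added illustration (not code from NowSecure, Samsung or SwiftKey), the Python example below shows the kind of check an update client needs so that a language pack delivered through a spoofed proxy is rejected: HTTPS-only download locations on an expected host, plus a size and SHA-256 match against a manifest entry. The host name, manifest fields and sample bytes are constructed assumptions, and the manifest itself is assumed to have been obtained over a validated TLS connection.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Hypothetical update host; the article does not name the real endpoint.
ALLOWED_HOSTS = {"updates.example.com"}


class UpdateRejected(Exception):
    """A language-pack update failed a transport or integrity check."""


def check_update_url(url: str) -> None:
    """Refuse any update location that is not HTTPS on an expected host."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise UpdateRejected(f"plaintext or unknown scheme: {parts.scheme!r}")
    if parts.hostname not in ALLOWED_HOSTS:
        raise UpdateRejected(f"unexpected host: {parts.hostname!r}")


def verify_language_pack(entry: dict, payload: bytes) -> bytes:
    """Return payload only if it matches the manifest entry's size and SHA-256.

    Assumption: `entry` comes from a manifest that was itself fetched over
    TLS with certificate validation before this function is called.
    """
    check_update_url(entry["url"])
    if len(payload) != entry["size"]:
        raise UpdateRejected("size mismatch")
    digest = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(digest, entry["sha256"].lower()):
        raise UpdateRejected("digest mismatch")
    return payload


def is_accepted(entry: dict, payload: bytes) -> bool:
    """Convenience wrapper: True if the pack passes every check."""
    try:
        verify_language_pack(entry, payload)
        return True
    except UpdateRejected:
        return False


# Constructed sample data, not taken from any real update feed.
GOOD_PACK = b"constructed language pack bytes"
ENTRY = {"url": "https://updates.example.com/packs/en_GB.zip",
         "size": len(GOOD_PACK),
         "sha256": hashlib.sha256(GOOD_PACK).hexdigest()}
```
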

The security firm uncovered the vulnerability in the app last year and informed Samsung of the flaw in December 2014. Samsung has reportedly issued a patch to U.S. carriers; however, NowSecure states that most carriers have not yet rolled it out. NowSecure states that until patches are ready, Samsung smartphone users should be careful about which networks they use and should ask their carrier whether a patch for the vulnerability is available. The company also states in its report that the risk was not found in the SwiftKey app available on the official Android and iOS app stores. We've reached out to Samsung India with respect to the SwiftKey vulnerability and we will update this story when we get a comment.

Ryan Welton detailed the exploit at the Blackhat Security Summit in London and tested the vulnerability on a Samsung Galaxy S6 running on Verizon. A NowSecure spokesperson stated, “We can confirm that we have found the flaw still unpatched on the Galaxy S6 for the Verizon and Sprint networks, in off the shelf tests we did over the past couple of days.” NowSecure CEO Andrew Hoog stated that the flaw affected a majority of Samsung Android devices, including its flagship Galaxy S3, Galaxy S4, Galaxy S5, Galaxy Note 3 and Note 4.

A SwiftKey spokesperson said: “We’ve seen reports of a security issue related to the Samsung keyboard. We can confirm that the SwiftKey Keyboard apps available via Google Play or the Apple App Store are not affected by this vulnerability. We take reports of this manner very seriously and are currently investigating further.”

Source: NowSecure

Silky Malhotra
