600 million Samsung Galaxy phones now at risk due to SwiftKey flaw
Security experts uncover Swiftkey vulnerability that puts 600 million Samsung Galaxy smartphones at risk.
A critical flaw in the default SwiftKey keyboard app in Samsung Galaxy smartphones puts more than 600 devices at risk, according to a new report.
Security company NowSecure has found vulnerabilities in the SwiftKey app that comes preinstalled on Samsung smartphones. Security researcher Ryan Welton discovered that the SwiftKey keyboard looked for language pack updates over unencrypted lines, in plain text. This could allow hackers to create a spoof proxy server and send malicious security updates to affected devices. Cyber criminals could also exploit the device to gain access to users' private data, including bank logins, text messages as well as remotely monitor users' movements.
The security firm uncovered the vulnerability in the app last year, and informed Samsung of the flaw in December 2014. Samsung has reportedly issued a patch to U.S. carriers, however NowSecure states that most carriers haven't rolled out the patch till now. NowSecure states that until patches are ready, Samsung smartphone users should be careful about what networks they’re using and should ask their carrier if a patch for the vulnerability is available. The company also states in its report that the risk was not found on the SwiftKey app found on Android and iOS official app stores. We've reached out to Samsung India with respect to the SwiftKey vulnerability and we will update this story when we get a comment.
Ryan Welton detailed the exploit at the Blackhat Security Summit in London and tested the vulnerability on a Samsung Galaxy S6 running on Verizon. A NowSecure spokesperson stated, “We can confirm that we have found the flaw still unpatched on the Galaxy S6 for the Verizon and Sprint networks, in off the shelf tests we did over the past couple of days.” NowSecure CEO Andrew Hoog stated that the flaw affected a majority of Samsung Android devices, including its flagship Galaxy S3, Galaxy S4, Galaxy S5, Galaxy Note 3 and Note 4.
A SwiftKey spokesperson said: “We’ve seen reports of a security issue related to the Samsung keyboard. We can confirm that the SwiftKey Keyboard apps available via Google Play or the Apple App Store are not affected by this vulnerability. We take reports of this manner very seriously and are currently investigating further.”
Source: NowSecure
Silky Malhotra
Silky Malhotra loves learning about new technology, gadgets, and more. When she isn’t writing, she is usually found reading, watching Netflix, gardening, travelling, or trying out new cuisines. View Full Profile