If your rocking a Samsung smartphone, you could be vulnerable to hackers, thanks to a preinstalled keyboard on your device.
The vulnerability was discovered by Ryan Welton from mobile security specialists NowSecure. The issue is with the preinstalled Swift keyboard which looks for language pack updates over an unencrypted line. Welton found that a hacker could create a spoof proxy server and send a fake update to the device with malicious code. The hacker could then exploit the device by eavesdropping on incoming and outgoing messages or voice calls, access personal data such as pictures or text messages, tamper with apps, and even install other malicious apps.
Chances are very slim that a hacker who knows about this security flaw will be at your local Starbucks at the same exact time as you.
Welton first discovered the flaw last year and subsequently notified Samsung in December 2014. Samsung immediately worked on a patch and sent updates to various carriers for devices running Android 4.2 or higher in March 2015. However, it’s unknown whether these patches have made their way to devices. Carriers are notorious for taking their time with updates due to their so-called rigorous testing for bugs.
Unfortunately, there is no other fix because users can’t simply uninstall the Swift app — one of the not so joyous benefits of carrier bloatware. Users are still vulnerable even when Swift isn’t set as the default keyboard.
What’s even scarier about this vulnerability is it even affects the Galaxy S6, which was released in April. Welton detailed this security flaw earlier today at the Blackhat Security Summit in London. He stated that he was able to hack into a Galaxy S6 running on Verizon Wireless. “We can confirm that we have found the flaw still unpatched on the Galaxy S6 for the Verizon and Sprint networks, in off the shelf tests we did over the past couple of days,” a NowSecure spokesperson confirmed.
According to the NowSecure website, it’s likely that the Galaxy S4 Mini, Galaxy S4, Galaxy S5, and Galaxy S6 are all affected, but it’s unclear which carrier-specific models received updates. The site only mentions U.S. carriers, so we aren’t sure if owners of international variants need to be worried.
Now before everyone with a Samsung phone goes into a panic attack, we need to point out that chances are rare that your device will be attacked through this vulnerability. A hacker can only use this method via a public Wi-Fi network, like those found at a coffee shop, hotel, or other public spaces. More importantly, a hacker has to have knowledge of this exploit and has to be on the same network as you. Chances are very slim that a hacker who knows about this security flaw will be at your local Starbucks at the same exact time as you.
Nevertheless, a security flaw should never be taken lightly, so NowSecure recommends staying away from public Wi-Fi networks if you have one of these Samsung devices. That might be easier said then done, though, especially for those who are on capped data plans and don’t want to use their carrier’s mobile network all day. The other thing you can do is contact your carrier and demand that your phone gets updated with the patch if it hasn’t already.