The security company NowSecure would verify a critical vulnerability on many Samsung devices sold by American operators that would grant access to the terminal an attacker.
NowSecure reported a critical vulnerability in the keyboard that comes pre-loaded on the smartphone of Samsung Galaxy family. If successfully exploited, an attacker can get access to the smartphone, monitor activity, steal personal data and also install malicious software remotely. According to reports by the security company, more than 600 million smartphones of Samsung would be at risk for hack the above flaw.
It is specifically a programming bug present in Samsung devices that have a native keyboard SwiftKey. This can be ” tricked ” to accept the download of fake update’s language packs through unencrypted connections. These updates may well contain malicious code that can be safely injected to gain control of the smartphone.
Once provided access to an attacker, the data stored in the phone can be at risk, including those relating to the phone, the address book, messages, remain exposed without the user can somehow know. Samsung has been informed of this vulnerability while in November 2014 and has since sent to telephone operators worldwide a series of corrective packages.
According NowSecure many Samsung devices with preinstalled SwiftKey are still vulnerable to this issue. Seem safe SwiftKey users who downloaded the keyboard from Google Play or from the App Store, for a bug that would only involve variants of the software that are offered natively on devices of the South Korean giant. Compounding the situation, we find it impossible to uninstall it from your smartphone.
NowSecure claims that the bug is also present on the latest devices of Korean society: ” We can confirm that we have found the flaw discovered yet on Galaxy S6 networks Verizon and Sprint in our tests we have conducted in the past few days, ” he revealed a company spokesman to Forbes. Among the vulnerable devices are also mentioned Galaxy S III, Galaxy S4, Galaxy S5, Galaxy Note 3 and Galaxy Note 4.
The security company recommends using the keyboard Google’s proprietary, or other keyboards available on Google Play Store, at least until it is released a patch to fix the vulnerability on the final SwiftKey.