Samsung Galaxy: What You Need to Know About Security Risk

Two new Samsung phones, Galaxy S6, top left, and Galaxy S6 Edge, top right, are on display with choice of color selections at a special press preview, Monday, Feb. 23, 2015, in New York. Samsung officially unveiled the stylish new phones on Sunday, March 1, 2015, the eve of this week's Mobile World Congress wireless show in Barcelona, Spain. (AP Photo/Bebeto Matthews)

NEW YORK (ABC) — As many as 600 million Samsung Galaxy smartphones may have a software flaw allowing hackers to eavesdrop on phone calls and voicemail, read texts, turn on the microphone and view private photos, according to a new report from ABC News.

Hackers are able to access the private information of some Galaxy S4, S5, and S6 users through a vulnerability in the devices’ pre-installed SwiftKey keyboard predictive text technology, according to the report from U.S. based security firm NowSecure.

Ryan Welton, a security researcher with NowSecure, wrote in a blog post that the company first notified Samsung in December 2014 of the flaw, along with the United States Computer Emergency Readiness Team (CERT) and Google’s Android security team.
Welton said the company began issuing patches to mobile providers at the start of 2015. He said it was unknown whether some carriers provided the patches and how many devices may still be vulnerable.

The security hole occurs when the device’s keyboard updates — giving hackers who are in the right place at the right time the opportunity to infiltrate a vulnerable device, according to NowSecure’s research.

A Samsung spokesperson told ABC News in an email the coming “takes emerging security threats very seriously.”
“Samsung Knox has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days,” the spokesperson said. “In addition to the security policy update, we are also working with Swiftkey to address potential risks going forward.”

The vulnerability is not related to SwiftKey’s consumer apps in both the Google Play and Apple App Store.
“We supply Samsung with the core technology that powers the word predictions in their keyboard,” a statement posted on SwiftKey’s website today said. “It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability. We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this important security issue.”

NowSecure recommends Galaxy users protect themselves by avoiding unsecured WiFi networks and asking their mobile provider for information about a security patch.

WTNH NEWS8 provides commenting to allow for constructive discussion on the stories we cover. In order to comment here, you acknowledge you have read and agreed to our Terms of Service. Commenters who violate these terms, including use of vulgar language or racial slurs, will be banned. Please be respectful of the opinions of others. If you see an inappropriate comment, please flag it for our moderators to review. Also, you can now block any inappropriate user by simple selecting the drop down menu on the right of any comment and selection "Block User" from there.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s