
Samsung announces fix for massive SwiftKey security flaw


TORONTO – Samsung is working on a security update for its Galaxy smartphone line after researchers discovered a massive security flaw that could allow hackers to take control of a user’s phone and access private data stored on the device.

U.S. security firm NowSecure published a report this week revealing that a bug in the SwiftKey keyboard software – which is pre-installed on more than 600 million Samsung devices – could allow attackers to secretly install malicious apps on a user’s phone without their knowledge. If a hacker successfully exploited the flaw, it would allow them to access the device’s camera and microphone, eavesdrop on phone calls and access private data, including photos and text messages.

“Samsung takes all security threats very seriously. There have been reports that there is vulnerability when keyboard updates are carried out on Galaxy devices. We are aware of this issue and are committed to providing the latest in security on all of our devices,” read a statement issued Thursday.


In a blog post, Samsung downplayed the severity of the flaw, noting that in order for an attacker to exploit the vulnerability the user and the hacker would have to be on the same unprotected network while downloading a SwiftKey update.


The smartphone maker also noted there have been no reported customer cases of devices being compromised since NowSecure published its report on the vulnerability. However, Samsung did not specify whether or not there had been any reported cases.

“As the reports indicate, the risk does exist and Samsung will roll out a security policy update in the coming days,” read the company’s statement. “In addition to the security policy update, we will continue to work with related parties such as SwiftKey to address potential risks going forward.”

The flaw could affect as many as 600 million devices, including Samsung’s most recent device, the Galaxy S6, by NowSecure’s estimates. The list of devices affected includes the Galaxy S6, S5, S4 and S4 Mini.

According to Samsung, a fix for the flaw will be available to users through its Knox security platform – available on all of Samsung’s flagship Galaxy smartphones since the Galaxy S4. Users must make sure they have their device set to automatically receive security policy updates. When the fix is available, users will be prompted to agree to the security update.


However, the vulnerability does affect devices that do not support the Knox security platform, like the Galaxy S3.

Samsung said it is also working on a firmware update for those devices.

In the meantime, security experts recommend staying off unsecured public Wi-Fi connections if your device is affected by the flaw. Typically, free public networks offer little to no security, which makes them a hotbed for hackers looking to exploit flaws like this one.
