If you are a Samsung Galaxy owner, there is yet another worrying announcement – there is a security flaw that lets attackers install malware onto your device or, alternatively, eavesdrop on your phone calls.
Chicago-based security firm NowSecure has published a report that claims the bug lives in the SwiftKey keyboard software (the SDK version only), which is installed on more than 600 million Samsung devices. It states that the bug can allow a remote attacker who is capable of controlling a user’s network traffic to execute arbitrary code on the user’s phone.
The security flaw concerns the SwiftKey keyboard software, which comes installed by default. More worrying is that there is no option to uninstall the SwiftKey keyboard: if it’s there, it’s there for good.
An unscrupulous individual can secretly install malware on a user’s device, access the camera, microphone and GPS, listen in on calls and messages, change the way other apps behave, and even steal photos and text messages.
NowSecure also claims it notified Samsung of this problem towards the end of last year. Samsung did provide a patch for the problem to network operators earlier in 2015, but it’s not known whether the networks made this patch available to many users.
Potentially affected devices include the Samsung Galaxy Edge, S6, S5, S4 and the S4 mini.
As the software can’t be uninstalled, NowSecure have said the best way to tackle the situation is to avoid unsecured Wi-Fi networks, which is really a completely impractical bit of advice for most phone owners.
“We supply Samsung with the core technology that powers the word predictions in their keyboard. It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability.”
– SwiftKey CMO Joe Braidwood.
SwiftKey also confirmed that the problem doesn’t affect the version of the app that can be manually downloaded from the app store.
Lists of over half a million infected Android phones, which can be connected to and have their cameras turned on remotely, are already available on Tor, so keep an eye on your phone, and if you see the camera light coming on, turn the phone off immediately and report it to your local police.