600 million Samsung Galaxy smartphones could get hacked due to SwiftKey vulnerability

Samsung Galaxy.jpg

NowSecure recently reported that a security vulnerability found in the default SwiftKey keyboard app pre-loaded on some Samsung Galaxy smartphones could put said smartphones at risk. Since this includes more than 600 million devices, this is quite a big thing. According to NowSecure, they informed Samsung last year in December but while Samsung have released the patch, not all distributors have rolled it out. The security vulnerability allows an attacker to remotely execute code as a privileged (system) user, allowing the attacker to steal confidential information or install a backdoor app or virus. The vulnerability is only accessible if you connect to an insecure Wifi network, something which quite a few people in Malaysia do at coffee shops. Since it is classified as a system app, SwiftKey cannot be uninstalled from your Samsung Galaxy smartphone and the vulnerability is still active even if you switch to a different app. Check out the NowSecure site for more details.

[Source