
A security researcher has discovered a software bug in Samsung's default keyboard that has exposed more than 600 million smartphones to a possible risk of being hacked. Ryan Welton of NowSecure detailed the vulnerability in the SwiftKey keyboard pre-installed on millions of Samsung phones. The keyboard checks for and downloads language pack updates over an unencrypted connection, so the data is sent as plain text.

Welton was thus able to exploit this vulnerability by setting up a spoof proxy server and sending malicious code to a vulnerable device, along with data validation that ensured the malicious code remained on the device. Once Welton gained access to the compromised phones, he could immediately start using the devices without the user knowing about it. If an attacker were to exploit the security flaw, they could potentially steal sensitive data, including text messages, contacts, passwords or bank account logins. The bug could also be exploited to track users.

Samsung already commented on the problem last November and claimed that the bug would be fixed on devices running Android 4.2 or later this March. However, NowSecure says the flaw still exists, and Welton demonstrated it at the London Security Summit on the Galaxy S6 from Verizon, drawing attention to it again.

NowSecure's Andrew Hoog believes that the flaw can be exploited on some key and relatively recent devices such as the Galaxy Note 3, Note 4, Galaxy S3, S4 and S5, as well as the Galaxy S6 and S6 edge. This is worth thinking about, because Welton says that even if a user doesn't use the Samsung keyboard, there is still a risk of sensitive data being misused and stolen, because the keyboard can't be uninstalled.

Until Samsung issues an official fix, Welton recommends that Galaxy smartphone owners be very careful when using them on open WiFi networks that they do not recognize, to minimize the chance of an attack. A potential hacker would have to be on the same network as the smartphone user in order to steal the data. Remote abuse would only be possible by taking over a DNS server that would contain data from a remote router, which fortunately is not easy either.

Samsung did not comment on the current situation.


*Source: SamMobile
