If you own a Samsung Galaxy smartphone you are more than likely vulnerable to the prying eyes and ears of hackers. A security flaw in the Galaxy allows hackers to install malware on your phone and listen in on your phone calls.
Security Firm NowSecure discovered that a bug in the Swift keyboard, which comes pre-installed on 600 million Samsung Galaxy phones, is responsible for the vulnerability. According to ZDNet.com, hackers can gain access to GPS, camera, microphone, photos, and text messages. They can also install malicious apps on the phone, change how the phone works, and eavesdrop on calls.
Little can be done about the flaw because the Swift keyboard cannot be uninstalled. Samsung learned about the flaw in December of 2014 and released a patch in March of 2015 to network operators, according to Mashable. However, it is not known how many of the network operators provided the patch to their users. Even if carriers provide the update, many users don’t bother to install it. NowSecure has yet to find a Samsung Galaxy that has been patched.
NowSecure CEO Andrew Hoog said that his company “had some heartburn” about the delay in releasing a patch, according to The Wall Street Journal. He worried that if his researchers found the bug, hackers would too. Right now, it doesn’t appear as if the vulnerability has been exploited in the wild but it is only a matter of time before hackers take advantage of this.
Any Samsung Galaxy that contains the Swift keyboard is affected including the S6, S5, S4, and S4 mini. Users should install the update if it is available. If not, users should avoid unsecured Wi-Fi connections or use a different phone temporarily.
Update: On Thursday, June 18th, Samsung announced that it would supply an update to fix the vulnerability. The update will roll out over the next few days and will be available to Samsung Galaxy S4’s and later models, according to PC World. These models have the Knox security platform and can receive automatic updates so be sure to turn automatic updating on if it isn’t already. For earlier models, such as the S3, a fix is in the works and will be available soon,