Hacked off: Samsung devices fall victim to serious hacking threat

Alex Yau
June 18, 2015

Bad news for Samsung owners. Hackers can snoop around your phone by exploiting a vulnerability on Samsung’s default keyboard, according to the Independent. 

Researchers from NowSecure discovered that the hackers can potentially access the phone’s camera, read text messages, install apps and use the microphone to hear what you’re up to.

This security issue has been caused by a flaw in Samsung’s IME keyboard, which is used by every Galaxy smartphone. The keyboard’s main component is supplied by third party keyboard maker SwiftKey.

Samsung statement

Samsung has issued a statement to Tech Radar acknowledging that it’s trying to fix this security flaw. They also emphasised that its Knox software has made Galaxy S4 handsets and above safe.

“Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security.

“It is important to note that the phone’s core functions (kernel) were not affected by the reported issue due to the protection of the Samsung KNOX platform in all S4 models and above.

“Samsung KNOX also has the capability to update the security policy of the phones, over-the-air, to invalidate any remaining potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days.

“In addition to the Security Policy update, we are also working with SwiftKey to address potential risks going forward.”

Swiftkey statement

Swiftkey has also released a statement, which reads: “This vulnerability is unrelated to and does not affect our SwiftKey consumer apps on Google Play and the Apple App Store.

“We supply Samsung with the core technology that powers the word predictions in their keyboard. It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability.

“We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this important security issue.”

“The vulnerability in question is not easy to exploit: a user must be connected to a compromised network (such as a spoofed public Wi-Fi network), where a hacker with the right tools has specifically intended to gain access to their device.

“This access is then only possible if the user’s keyboard is conducting a language update at that specific time, while connected to the compromised network.”

For more on Samsung, visit What Mobile’s dedicated Samsung page.

About the Author

Share this article