SamMobile has affiliate and sponsored partnerships. If you buy something through one of these links, we may earn a commission. Learn more.

Keyboard vulnerability may have put millions of Samsung devices at risk


Last updated: June 16th, 2015 at 13:42 UTC+02:00

A security researcher has discovered a vulnerability in default keyboard software that could leave as many as 600 million Samsung mobile devices at risk of attackers, Ryan Welton from NowSecure detailed the vulnerability present on the SwiftKey keyboard pre-installed on millions of Samsung smartphones. The keyboard’s searches for language pack updates are not sent over encrypted lines rather they’re sent in plain text. Welton was thus able to exploit this vulnerability by creating a spoof proxy server and sending malicious security updates to affected devices coupled with validating data to ensure that the malicious code remained on the device. Once Welton got his foot in the proverbial door he could escalate the attack and continue to exploit the device without the user ever knowing about it.

If an attacker was exploiting this vulnerability they could potentially siphon sensitive data off the affected devices, data which may include text messages, contacts, passwords and bank logins not to mention that the vulnerability could also be used to remotely monitor users. Samsung was told about this issue back in November last year and it provided a fix for devices running Android 4.2 or higher earlier this year in March. However NowSecure is of the view that this exploit still exists, Welton demonstrated it today at the Blackhat Security Summit in London on a Verizon Galaxy S6 and claimed to have replicated it.

NowSecure CEO Andrew Hoog believes that this exploit affects some recent devices like the Galaxy Note 4, Note 3, Galaxy S3, S4, S5 as well as the Galaxy S6 and S6 edge. This is a dilemma for users because even if they don’t use SwiftKey as the default keyboard it can’t be uninstalled from the device and Welton says that it can still be exploited even when it’s not the default keyboard.

Until Samsung provides an official fix for this exploit Welton recommends that users be extra careful of using their handsets on networks that they’re not familiar with in order to limit the chances of a man-in-the-middle attack. Attackers have to be on the same wireless network as the device that they’re targeting, remote targeting is only possible by hijacking the DNS or comprising the router from another location which while possible, is not exactly an easy feat .

Samsung has so far not commented on the issue.


Phone Galaxy Note 4Galaxy S6Galaxy S6 EdgeSamsung
Load 7 comments

You might also like

Samsung to use more LG batteries in its low-end and premium phones

Samsung may have driven LG out of the smartphone market, but it’s more than happy to source components f …

  • By Adnan Farooqui
  • 2 weeks ago

Samsung and Apple jointly hold 60% of global tablet market share

According to the latest report by market research firm Strategy Analytics, Samsung and Apple jointly hold 60% …

  • By Sagar Naresh
  • 2 months ago

New WhatsApp update adds extra layer of privacy to chats

The latest WhatsApp update for Android and iOS adds another layer of privacy for disappearing chats. Media sen …

  • By Anil Ganti
  • 3 months ago

WhatsApp voice messaging is about to get a whole lot better

On Wednesday, WhatsApp announced that it is bringing a bunch of new features to voice messages. These features …

  • By Sagar Naresh
  • 3 months ago

Samsung aims to dominate the mid-tier smartphone market in India

There are a plethora of Samsung smartphones in the mid-tier smartphone category on offer in India. The company …

  • By Sagar Naresh
  • 3 months ago

Realme to be the first to ship phone with Samsung’s newest 108MP …

Chinese smartphone brand Realme has announced that its new flagship, the Realme 9 (4G), will ship with a 108MP …

  • By Sagar Naresh
  • 3 months ago