Millions Of Samsung Galaxy Smartphones Affected By Security Flaw

A flaw on the Swiftkey keyboard software may put million of Samsung Galaxy smartphone users at risk of data theft, installation of malware and eavesdropping of calls. The software is preinstalled on the flagship smartphones of the electronics giant from South Korea.

The flaw was revealed by NowSecure recently, and users may not be able to do anything about it since they are unable to uninstall the software. Among the devices affected are the Galaxy S4, S4 Mini, S5 and S6, NowSecure added.

Samsung revealed it will release a fix to deal with the vulnerability of its devices through Samsung Knox. The fix will be released as a security policy update that users can download directly into their smartphones. Samsung added that the company considers emerging security threats as serious issues. Aside from the security policy update, the company also said it will work on addressing potential risks associated with the Swiftkey software going forward.

Samsung Galaxy smartphone users may be anxious with the latest discover following security breaches that may affect data stored by banks and retailers.

Credit card information of around forty million customers of Target was stolen through the point of sale terminals of the retailer in 2013. This was followed by a hack that affected the names, phone numbers and email addresses of another seventy million customers. Last year, JP Morgan revealed that the account information of around seventy-six million households along with seven million small businesses was stolen. The most recent breach affected LastPass, wherein the email addresses and clues to the master password of their users were stolen.

Security Flaw Discovered On Samsung Galaxy Smartphone - image credit: commons.wikimedia.org

Samsung was informed about the issue affecting the Samsung Galaxy smartphones in December 2014. NowSecure said while a patch was provided by Samsung to mobile network operators at the start of 2015, it was uncertain if the patch was released by the carriers through their networks. The list indicated that the patch was either unavailable or its status is unknown.

The technical analysis of the flaw indicated that the smartphones may be vulnerable to attacks from numerous fronts. A simple hacker may be able to access a phone through an unsecured Wi-Fi connection, while serious attackers can gain access from a remote location.

Due to this, the flaw may be considered a serious threat until a fix is released by Samsung. NowSecure said it will be necessary to avoid using unsecure networks or users can use a different device to reduce the risk of hacks. They can also ask for information about a patch from their carriers.

But, security professionals said hackers may have limited returns from such an attack. Malwarebytes Labs senior malware intelligence analyst Nathan Collier said it will be necessary for a number of things to be present in order for an attack to be carried out properly basing on the description of the flaw by NowSecure.

Collier said these attacks are not normally used by people trying to illegally access devices and computers. Collier added that malware authors may not want to write codes for different smartphone models since they aim to get big returns from paths with least resistance. The South Korean company is already aware of the flaw and it may be working on a patch for the users of their Samsung Galaxy smartphones.

Posted by George Daniels on Thursday June 18 2015, 9:53 AM EST. All trademarks acknowledged. Filed under Technology. Comments and Trackbacks closed. Follow responses: RSS 2.0