As many as 600 million Samsung mobile devices could be vulnerable to a major security threat uncovered by Ryan Welton of NowSecure.
The SwiftKey keyboard that comes preinstalled on most Samsung devices, including its flagship phones, the S4, S5, and S6, checks for language pack updates over unencrypted, unauthenticated connections.
This leaves these devices significantly exposed to attacks that could give an attacker access to contact data, text messages, credit card information, and any other sensitive information stored on the phone.
Welton went on to explain that an attacker could also access location information through the device’s various sensors such as the GPS, cameras, and microphones.
The vulnerability can give an attacker user-level privileges on the system, letting them wreak whatever havoc they wish, ranging from siphoning text messages or emails to monitoring the user's movements and cyber stalking.
This exploit also gives the attacker the ability to install other malicious applications, compromising the phone even more.
Plugging the Leak
After NowSecure alerted Samsung to the vulnerability in November 2014, Samsung delivered a security update to carrier networks in March 2015 for devices running Android 4.2 and above.
However, according to recent tests by NowSecure, even Samsung’s newer devices such as the S6 have exhibited the vulnerability.
Welton discussed the exploit in detail at this year's Blackhat Security Summit: London.
A spokesperson for NowSecure stated that, “We can confirm that we have found the flaw still unpatched on the Galaxy S6 for the Verizon and Sprint networks, in off the shelf tests we did over the past couple of days.”
Welton highlighted that since the stock keyboard can't be uninstalled, devices remain at risk even if their owners don't use it. The best thing Samsung Galaxy users can do is avoid connecting to networks they don't know and ask their carrier when the patch will be available.
How Users Can Reduce the Chances of Such Attacks
While the exposure to such attacks can be limited by controlling which networks users connect to, Welton stated that skilled attackers can also hijack DNS to redirect the update requests to a malicious server, or compromise the router or ISP directly.
While the mobile security industry is focusing on malware and malicious applications, the real problem for consumers is "leaky apps," as pointed out by Andrew Hoog, CEO of NowSecure.
Flaws and leaks such as this are a very significant threat to consumer mobile devices, as people usually log on to any free WiFi network they can find, which makes them even more vulnerable.
Are you using a Samsung Galaxy device? Has your carrier updated your device with the new security patch yet? Let us know in the comments below.