Samsung keyboard vulnerability risk exposed. This affects over six hundred million plus devices worldwide. Over six hundred million Samsung mobile devices have been affected by a significant security risk on many Samsung models, including a recently released Galaxy S6.
This risk comes from pre installed keyboard, that allows an attacker, to remotely execute code as a system user. This flaw was revealed by a NowSecure security researcher. Samsung was previously notified of this flaw in December of 2014.
Given a seriousness of this issue, NowSecure notified CERT whom notified the Google Android security team. If this flaw in your mobile keyboard is exploited, an attacker could remotely:
* Access sensors and resources like GPS, camera, and microphone
* Secretly install malicious applications without you knowing
* Tamper with how other applications work or how your phone functions
* Eavesdrop on incoming and outgoing messages or voice calls
* Attempt to access sensitive personal information like your pictures and text messages
While Samsung did begin to provide a patch to mobile network operators in early two thousand fifteen, it is not known if those carriers have provided this patch to those devices on their network. In addition, it is very difficult determining how many mobile devices remain vulnerable, given information about device models and number of network operators globally.
You can review this technical detail for this security vulnerability at this NowSecure blog post. Also, you can find out if your Samsung Galaxy device is on this list of vulnerable devices. Finally, here are some quick tips so that you can prevent any security problems:
* Avoid using any insecure wi-fi networks
* Use a different model mobile device
* Contact your carrier for patch information