More than 600 million Samsung devices are at risk of a new security flaw that allows hackers to eavesdrop on users' phone conversations and rummage through messages and contacts, cybersecurity firm NowSecure stated in a report on Tuesday US time.
Samsung smartphone models, including the recently released Galaxy S6, are vulnerable to a security flaw stemming from a preinstalled keyboard that allows hackers to remotely execute code as a system user, according to NowSecure.
According to the cybersecurity company, Samsung was notified in December of the uncovered flaw. As of Tuesday US time, four different Galaxy S models are still unpatched for the flaw.
Samsung did not respond to a request from CRN USA for comment by deadline.
The flaw, which exists because Samsung did not encrypt the update process of the keyboard, allows remote attackers to manipulate the keyboard update mechanism on Galaxy model devices.
The keyboard, SwiftKey, comes preinstalled on Samsung devices and cannot be disabled or uninstalled. According to NowSecure, it's "unfortunate but typical for OEMs and carriers to preinstall third-party applications to a device".
"We've seen reports of a security issue related to the Samsung stock keyboard that uses the SwiftKey SDK. We can confirm that the SwiftKey Keyboard app available via Google Play or the Apple App Store is not affected by this vulnerability," SwiftKey said in a statement. "We take reports of this manner very seriously and are currently investigating further."
Once hackers exploit a flaw in the device's keyboard, they could gain access to end users' pictures, text messages, voice calls and sensors. They also could secretly install malicious apps without users' knowledge.
Patrick Moorhead, president and principal analyst of Moor Insights & Strategy, a tech analyst firm, said vendors need to be more vigilant in looking for every potential crack in security.
"This sounds initially like a Samsung update issue, not an Android Play Store issue," he said. "The app, SwiftKey, wasn’t infected, but the unencrypted update method enabled malware to be injected and installed onto the phone. In general, smartphones [in the past] were less prone to these kinds of things because of the minimal ways to install software."
Moorhead said Google recently started to tackle the issue of malware through wide scans in its store, while Apple has been upping its security game with a much more rigid app approval method and by not enabling "side-load" app installations.
NowSecure stated that Samsung device users can protect sensitive data by avoiding insecure Wi-Fi networks, using a different mobile phone, and contacting carriers for patch information and timing.
This article originally appeared at crn.com