If you’re the owner of virtually any Samsung Galaxy device, chances are it has a security flaw that lets hackers install malware on it or eavesdrop on your calls.
The worst part is that there is nothing you can do it about it.
Chicago-based security firm NowSecure has published details on a bug in the Swift keyboard software which is pre-installed on over 600 million Samsung devices. The bugs allows a remote attacker to control a user’s network traffic to launch any software they want on a user’s phone.
The problem is that if your phone has the Swift keyboard software installed it’s impossible to uninstall it.
Swift runs with the highest permissions possible, meaning once a hacker has compromised it they can secretly install malware on a user’s device, access the phone’s camera, microphone and GPS, eavesdrop on calls and messages, steal photos and text messages. and change the way other apps behave.
In a shocking oversight, NowSecure notified Samsung of the vulnerability in December 2014, along with the U.S. Computer Emergency Readiness Team (CERT) and Google’s Android team. But it appears despite Samsung issuing a patch to network operators, who control the software on your phone, many didn’t install it.
The affected devices include the popular Samsung Galaxy S6, S5, S4 and S4 mini on all major U.S. carriers.
NowSecure says the only way to make yourself a little safer is to avoid unsecured Wi-Fi networks or use a different mobile device, which probably isn’t practical for more people.
Fortunately, while the vulnerability is severe, your chances of being infected are minimal because a user must be connected to a compromised network, where a hacker with the right tools is specifically targeting their device.
Yet while most civilians won’t be victim to such an attack, its likely that this exploit has already made its way into the arsenal of cyber weapons used by China, Russia and various other nations, which means our politicians, military leaders and corporate executives are at risk.
Stay Connected
