It turns out that Samsung's pre-installed version of SwiftKey for the Galaxy S6 has a security flaw, which is putting user data at risk of being snatched up. According to a US security firm, the issue also affects Samsung's last two flagship smartphones as well, meaning Galaxy S5 and Galaxy S4 users could be affected.
security firm, NowSecure, discovered the issue and has flagged it up with Samsung for patching. The vulnerability comes down to the keyboard's unencrypted connections when downloading different languages. The flaw could potentially allow an attacker to “remotely execute code as a privileged system user”.
From there, attackers could access the camera and microphone of a device and even install malware. Samsung has not yet officially acknowledged the issue but SwiftKey has commented, speaking with Forbes: “We've seen reports of a security issue related to the Samsung keyboard. We can confirm that the SwiftKey keyboard apps available via Google Play or the Apple App Store are not affected by this vulnerability. We take reports of this manner very seriously and are currently investigating further.”
Samsung was first notified of the issue back in December but as is often the case with these things, since nothing has changed in the last six months, the issue has now been made public in order to pressure Samsung in to fixing up its security holes. NowSecure has a full list of affected devices, HERE.
Discuss on our Facebook page, HERE.
KitGuru Says: Now that this security flaw with Samsung's Galaxy devices is public, the company will be under increased pressure to take it seriously and patch it up. That said, it is a bit worrying that the company ignored the problem for six months.