What was supposed to be a fast typing experience is turning into a playground for hackers.
The culprit is a pre-installed version of SwiftKey, the software keyboard that lets you swipe across letters to type faster, found on nearly 600m Samsung smartphones. The security flaw, which doesn't affect SwiftKey users who installed via Google Play, allows unsavoury characters to gain access through the keyboard’s language pack update.
The update, which is unencrypted, makes it possible for malicious code to sneak in. The vulnerability, discovered by Chicago-based security firm NowSecure, has bigger implications than having your conversations leaked. Hackers can also gain access to the phone’s camera, microphone, photographs or GPS data. All that translates to a potential stalker knowing exactly where you are and what you’ve been up to.
A deeper hack could change how the apps on your phone function, or view or steal photos without your knowledge. And no, you can’t uninstall SwiftKey either. Cue awkward silence.
Keep calm and carry on though. There are certain precautions that can be taken. For one, avoid latching onto an unknown Wi-Fi network that promises free internet, as such unsecured networks could send a language pack your way. Secondly, don’t allow automatic installation of language packs, which is the route by which malicious attacks occur.
Samsung is fully aware of this recent issue and confirms that Samsung Knox, its security platform, has the capability to update the security policy of the phones over-the-air to invalidate any potential vulnerabilities caused by this issue. The security policy update will be sent to all affected devices in a few days. “In addition to the security policy update, we are also working with SwiftKey to address potential risks going forward”, said a Samsung spokesperson.