Massive Software Flaw Puts 600 Million Samsung Galaxy Users at Risk

By Dondi Tiples, Christian Post Contributor

A huge security flaw discovered in over 600 million Samsung Galaxy devices, including the Samsung Galaxy S6, has put users at risk.

NowSecure security researcher Ryan Welton disclosed a massive software vulnerability in upwards of 600 million Samsung devices that would make users' information vulnerable to hackers.

Speaking at the Blackhat Mobile Security Summit in London yesterday, Welton of the mobile security and forensics firm, revealed the issue is rooted in Samsung's Swift keyboard pre-installed in the Galaxy line of smartphones.

Get Our Latest News for FREE

Subscribe to get daily/weekly email with the top stories (plus special offers!) from The Christian Post. Be the first to know.

Due to the Swift keyboard's pre-programmed software that searches for updated language packs using unencrypted lines at each reboot, hackers are given a window to create a spoof proxy server and implant malicious code into Samsung Galaxy's vulnerable devices.

BGR writes Welton explained Samsung's default Swift keyboard cannot be uninstalled or disabled, and even users who opt to change the default Swift keyboards on their Samsung Galaxy devices are still vulnerable.

Once a Samsung Galaxy Swift keyboard has been targeted, hackers will be able to access a device's resources and sensors, such as its camera, microphone, and GPS. Users will be unaware of malware, or other malicious apps installed into their devices without their knowledge, which may tamper with their other installed apps, or even how their device works.

Backdoor access via the Swift keyboard will enable hackers to eavesdrop on users' incoming and outgoing communication, including messages and voice calls. Attackers can modify upstream traffic via rogue Wi-Fi access, local users on a network, or cellular base stations.

Users will also be vulnerable to remote attacks through DNS hijacking, ISP routers, or even packet injection. Worse, hackers will be able to access sensitive and personal information for identity theft purposes.

NowSecure said Samsung did release a software patch earlier in the year for mobile carriers of its Galaxy lineup, however, it remains unclear which particular carriers have forwarded the patch to customers on their network.

Welton released a list of vulnerable devices which includes the recently released Galaxy S6, as well as the S4, the S4 Mini and the S5.

Was this article helpful?

Help keep The Christian Post free for everyone.

By making a recurring donation or a one-time donation of any amount, you're helping to keep CP's articles free and accessible for everyone.

$25/month$50/quarter$100/yearOne-time

We’re sorry to hear that.

Hope you’ll give us another try and check out some other articles. Return to homepage.

Most Popular

More Articles