Samsung Mobile?s seemingly harmless keypad feature, is putting 600-million phones at risk from cyber attacks. This is according to independent US-based security company, NowSecure.
The lapse, which is present in Samsung?s high-end smartphones, can affect models like the Galaxy S6, S5, S4, and S4 Mini. NowSecure shared that the lapse in the South Korean smartphone?s keyboard software Swiftkey, which has access to all the software in the phone, can be used to gather personal messages, pictures, and even operate phone camera if connected to a Wi-fi network. The bug can also install unwanted or malicious apps in the phone, and gather other sensitive information from the Android device.
This risk was reported to Samsung last year, but it is only now that the Tech giant is seriously considering ramifications. The software bug cannot be easily addressed because the software has been pre-installed in all units.
A Samsung representative however, shared that they will be working on the lapse in the coming days via a security policy update. The update will be available through Samsung?s Knox service.
While consumers wait for further updates, it is advisable that Samsung users avoid unsecured Wi-fi connections, and if possible, to use a different phone until the updates are made available.
Although the security risk can be catastrophic in the future, some analysts are saying that there?s nothing to be too worried about. Malwarebytes Labs said that for hackers to fully take advantage of the bug, they would have to decode each phone?s system thoroughly.