“If you’re rocking a Samsung smartphone, you could be vulnerable to hackers, thanks to a preinstalled keyboard on your device,” Robert Nazarian reports for Digital Trends.
“The vulnerability was discovered by Ryan Welton from mobile security specialists NowSecure. The issue is with the preinstalled Swift keyboard which looks for language pack updates over an unencrypted line,” Nazarian reports. “Welton found that a hacker could create a spoof proxy server and send a fake update to the device with malicious code. The hacker could then exploit the device by eavesdropping on incoming and outgoing messages or voice calls, access personal data such as pictures or text messages, tamper with apps, and even install other malicious apps.”
“Users can’t simply uninstall the Swift app — one of the not so joyous benefits of carrier bloatware. Users are still vulnerable even when Swift isn’t set as the default keyboard,” Nazarian reports. “What’s even scarier about this vulnerability is it even affects the Galaxy S6, which was released in April. Welton detailed this security flaw earlier today at the Blackhat Security Summit in London. He stated that he was able to hack into a Galaxy S6 running on Verizon Wireless. ‘We can confirm that we have found the flaw still unpatched on the Galaxy S6 for the Verizon and Sprint networks, in off the shelf tests we did over the past couple of days,’ a NowSecure spokesperson confirmed… NowSecure recommends staying away from public Wi-Fi networks if you have one of these Samsung devices.”
Read more in the full article here.
MacDailyNews Take: Whenever Apple has an issue, they push the fix out to virtually all iPhone users. Samsung can do no such thing. Many of those who settle for Samsung’s iPhone also-rans are simply stuck with this massive security flaw until/unless they finally wise up and get a real iPhone.
[Thanks to MacDailyNews Reader “Bill” for the heads up.]