An estimated 600 million Samsung mobile devices may be impacted by a security flaw relating to a pre-installed keyboard.
The vulnerability was discovered by mobile security specialist Ryan Welton of NowSecure. As Welton points out, the pre-installed SwiftKey keyboard looks for language pack updates in an unencrypted, plaintext manner. Because of this, it’s possible for an attacker to intercept the update and insert malicious code without raising suspicion.
If exploited, an attacker could pull off a number of mischievous activities, including accessing sensors and resources like the camera and microphone, installing other malicious software without detection, manipulating information and settings on a phone, eavesdropping on text messages and voice calls, and even potentially accessing pictures stored on the device.
It’s worth noting that the SwiftKey keyboard that comes pre-installed can’t be disabled or uninstalled. Furthermore, a user does not have to explicitly choose to download a language pack update to trigger the exploit. Even if SwiftKey isn’t the default keyboard, it can still be exploited.
Welton said he discovered the vulnerability late last year and notified Samsung. Given the magnitude of the issue, NowSecure reached out to CERT and also informed the Google Android security team.
NowSecure notes that Samsung began providing a patch to mobile network operators in early 2015. It’s unknown, however, whether carriers have since delivered the patch to devices on their networks. It’s additionally difficult to determine exactly how many devices remain vulnerable, due to the sheer number of susceptible devices worldwide as well as the many different network operators around the globe.