If you're using Wi-Fi, your Samsung phone could be hacked

Samsung's smartphone keyboard has a hack-a-licious security flaw

Update: Samsung has sent TechRadar a statement acknowledging it's working on a fix for this security flaw, while also highlighting that Galaxy S4 handsets and above are already safe thanks to its Knox software.

"Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security.

"It is important to note that the phone's core functions (kernel) were not affected by the reported issue due to the protection of the Samsung KNOX platform in all S4 models and above.

"Samsung KNOX also has the capability to update the security policy of the phones, over-the-air, to invalidate any remaining potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days.

"In addition to the Security Policy update, we are also working with SwiftKey to address potential risks going forward."

Original article

Samsung's default keyboard on its smartphones has a vulnerability which can be exploited by hackers to snoop around your phone.

Researches from NowSecure found hackers could potentially access the phone's camera, read text messages, install apps and use the microphone to listen to what you're up to.

It all sounds a bit creepy, and it's down to a flaw in the Samsung IME keyboard, which is installed on every Galaxy smartphone - the main component of which is supplied by third party keyboard maker SwiftKey.

Samsung only

Swiftkey has issued a statement, which reads: "This vulnerability is unrelated to and does not affect our SwiftKey consumer apps on Google Play and the Apple App Store.

"We supply Samsung with the core technology that powers the word predictions in their keyboard. It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability.

"We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this important security issue."

While some are claiming this is an easy flaw to exploit, Swiftkey doesn't agree and advises Samsung owners to stay off unknown Wi-Fi networks for now.

"The vulnerability in question is not easy to exploit: a user must be connected to a compromised network (such as a spoofed public Wi-Fi network), where a hacker with the right tools has specifically intended to gain access to their device.

"This access is then only possible if the user's keyboard is conducting a language update at that specific time, while connected to the compromised network."

We have contacted Samsung for more information on the issue, any we will update this article once we receive a response.

Via Independent

TOPICS
John McCann
Global Managing Editor

John joined TechRadar over a decade ago as Staff Writer for Phones, and over the years has built up a vast knowledge of the tech industry. He's interviewed CEOs from some of the world's biggest tech firms, visited their HQs and has appeared on live TV and radio, including Sky News, BBC News, BBC World News, Al Jazeera, LBC and BBC Radio 4. Originally specializing in phones, tablets and wearables, John is now TechRadar's resident automotive expert, reviewing the latest and greatest EVs and PHEVs on the market. John also looks after the day-to-day running of the site.